7.5 Access Control Levels

You can define an Access Control Level (ACL) for your auditors that specifies which events they are allowed to view and restricts auditors from authorizing their own activity.

7.5.1 Adding or Modifying a User ACL

  1. Click Compliance Auditor on the home page of the console.

  2. Click Access Control in the task pane.

  3. To add a new ACL, click Add User ACL in the task pane. To modify an existing ACL, select the required User and click Modify ACL in the task pane.

    When creating a new user ACL, select the user from the Username drop-down list.

  4. Click Add.

  5. At the bottom of the table, select the attribute from the drop-down list that describes the entity to which you want to control access for the selected user.

    For example, if you do not want this user to be able to audit Command Control events involving a particular command, click Command.

  6. In the Matches field, specify the value of the attribute you want to control access to.

    For example, if you do not want this user to be able to audit any Command Control events that involve the cat /etc/passwd command, specify this command in this field. You can use wildcard characters in this field.

  7. Set the Action to allow or deny.

  8. (Optional) Use the arrow buttons to move entries up and down the list.

    You might want to do this if, for example, you are allowing the user to access a restricted list of commands, and using the wildcard * to deny access to all other commands. The allowed commands entries must be above the deny all entry. By default, all commands are allowed.

  9. (Optional) Remove an attribute by selecting it and then clicking the Remove button.

  10. (Optional) Modify an entry by selecting it, then specifying the changes.

  11. Click Finish.

7.5.2 Deleting a User ACL

  1. Click Compliance Auditor on the home page of the console.

  2. Click Access Control in the task pane.

  3. Select the user for whom you want to delete an ACL.

  4. Click Delete User ACL in the task pane.

  5. Click Finish to delete the ACL for the user.