You can define an Access Control Level (ACL) for your auditors that specifies which events they are allowed to view and restricts auditors from authorizing their own activity.
Click
on the home page of the console.Click
in the task pane.To add a new ACL, click
in the task pane. To modify an existing ACL, select the required and click in the task pane.When creating a new user ACL, select the user from the
drop-down list.Click
.At the bottom of the table, select the attribute from the drop-down list that describes the entity to which you want to control access for the selected user.
For example, if you do not want this user to be able to audit Command Control events involving a particular command, click
.In the
field, specify the value of the attribute you want to control access to.For example, if you do not want this user to be able to audit any Command Control events that involve the cat /etc/passwd command, specify this command in this field. You can use wildcard characters in this field.
Set the
to allow or deny.(Optional) Use the arrow buttons to move entries up and down the list.
You might want to do this if, for example, you are allowing the user to access a restricted list of commands, and using the wildcard * to deny access to all other commands. The allowed commands entries must be above the deny all entry. By default, all commands are allowed.
(Optional) Remove an attribute by selecting it and then clicking the
button.(Optional) Modify an entry by selecting it, then specifying the changes.
Click
.Click
on the home page of the console.Click
in the task pane.Select the user for whom you want to delete an ACL.
Click
in the task pane.Click
to delete the ACL for the user.