Symantec Security Expressions Server manual Item Rights, Global Machine List Access User Roles


Configure Servers

Item Rights

The Item Rights options, found on the Page Access page, let you list which Windows User Groups are allowed to do the following:

Edit Private Items

Allow others to modify items that are normally exclusive to the user who created them, such as My Machine Lists and scheduled tasks.

Miscellaneous Target

Usually, the View Audit Results setting for scopes and machine lists controls access to most audit results, since most audits involve a scope or machine list. In the rare cases where 1) an audit doesn't involve a scope (the computer was audited individually) and 2) the computer isn't part of any machine list (whether or not a machine list was used in the audit), access to the audit results is controlled with this setting instead. Users with this right can view results from these kinds of audits.

Possible cases include the following, only when the computers audited don't belong to any machine list:

self-service audits

instant audits performed in the console application's Audit tab, not using a machine list

audits activated through the Web-services layer not using a machine list (see the SecurityExpressions Web Services API Guide for more information)

Remediate Miscellaneous Targets

Usually, the View Audit Results setting for scopes and machine lists controls access to most audit results, and therefore remediation of audit results, since most audits involve a scope or machine list. In the rare cases where 1) an audit doesn't involve a scope (the computer was audited individually) and 2) the computer isn't part of any machine list (whether or not a machine list was used in the audit), access to the audit results is controlled with this setting instead. Users with this right can view results from these kinds of audits.

Possible cases include the following, only when the computers audited don't belong to any machine list:

self-service audits

instant audits performed in the console application's Audit tab, not using a machine list

audits activated through the Web-services layer not using a machine list (see the SecurityExpressions Web Services API Guide for more information)

Super User Access

Administrators of the product need to modify all configurable items (scopes, scheduled tasks, etc.) and view audit results, whether or not they're listed in the Windows User Groups with access to a configurable item or its audit results, and regardless of who owns private items such as My Machine Lists and scheduled tasks. We recommend entering a Windows User Group consisting of all product administrators here to ensure they're never locked out of audit results, configurable items, and private items.
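The following model of the rules above is an added example, not code from the product or its documentation. It shows which setting governs viewing of an audit result and how Super User Access overrides it. All group, scope and machine-list names are constructed, and merging the scope's groups with those of the machine lists that contain the computer is an assumption of this sketch.

```python
from dataclasses import dataclass

@dataclass
class ServerConfig:
    # Every field and value here is constructed for this sketch.
    super_user_groups: set     # Super User Access
    misc_target_groups: set    # Miscellaneous Target right
    scope_viewers: dict        # scope -> groups with View Audit Results
    machine_lists: dict        # list name -> (member computers, viewer groups)

def governing_right(cfg, computer, scope=None):
    """Return (setting that governs this audit result, groups it allows)."""
    # Viewer groups of every machine list the audited computer belongs to.
    list_viewers = [viewers for members, viewers in cfg.machine_lists.values()
                    if computer in members]
    # Fallback case: no scope AND the computer is in no machine list.
    if scope is None and not list_viewers:
        return "Miscellaneous Target", set(cfg.misc_target_groups)
    allowed = set(cfg.scope_viewers.get(scope, set())) if scope else set()
    for viewers in list_viewers:
        allowed |= viewers     # assumption: rights from scope and lists add up
    return "View Audit Results", allowed

def can_view(cfg, user_groups, computer, scope=None):
    """True if a user in user_groups may view the audit result."""
    # Super users see everything, whatever the per-item group lists say.
    if user_groups & cfg.super_user_groups:
        return True
    _, allowed = governing_right(cfg, computer, scope)
    return bool(user_groups & allowed)

# Constructed sample configuration.
SAMPLE = ServerConfig(
    super_user_groups={"SE-Admins"},
    misc_target_groups={"Helpdesk"},
    scope_viewers={"HQ": {"HQ-Auditors"}},
    machine_lists={"Web Servers": ({"web01"}, {"Web-Team"})},
)

if __name__ == "__main__":
    for who, host, scope in [("Helpdesk", "laptop7", None),
                             ("Helpdesk", "web01", None),
                             ("Helpdesk", "laptop7", "HQ"),
                             ("SE-Admins", "web01", None)]:
        right, _ = governing_right(SAMPLE, host, scope)
        print(who, host, scope, right, can_view(SAMPLE, {who}, host, scope))
```

In this model the Miscellaneous Target group loses access to a computer's results as soon as that computer is added to any machine list, which is worth checking before reorganizing machine lists.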

Global Machine List Access: User Roles
