Configure Servers

Item Rights

The Item Rights options, found on the Page Access page, let you list which Windows User Groups are allowed to do the following:

Edit Private Items

Allow others to modify items that are normally exclusive to the user who created them, such as My Machine Lists and scheduled tasks.

Miscellaneous Target

Usually, the View Audit Results setting for scopes and machine lists controls access to most audit results, since most audits involve a scope or machine list. In the rare cases where 1) an audit doesn't involve a scope (computer audited individually) and 2) the computer isn't part of any machine list (whether or not a machine list was used in the audit), access to the audit results is controlled with this setting instead. Users with this right can view results from these kinds of audits.

Possible cases include the following, only when the computers audited don't belong to any machine list:

self-service audits

instant audits performed in the console application's Audit tab, not using a machine list

audits activated through the Web-services layer not using a machine list (see the SecurityExpressions Web Services API Guide for more information)

Remediate Miscellaneous Targets

Usually, the View Audit Results setting for scopes and machine lists controls access to most audit results, and therefore remediation of audit results, since most audits involve a scope or machine list. In the rare cases where 1) an audit doesn't involve a scope (computer audited individually) and 2) the computer isn't part of any machine list (whether or not a machine list was used in the audit), access to the audit results is controlled with this setting instead. Users with this right can view results from these kinds of audits.

Possible cases include the following, only when the computers audited don't belong to any machine list:

self-service audits

instant audits performed in the console application's Audit tab, not using a machine list

audits activated through the Web-services layer not using a machine list (see the SecurityExpressions Web Services API Guide for more information)

Super User Access

Administrators of the product need to modify all configurable items (scopes, scheduled tasks, etc.) and view audit results, whether or not they're listed in the Windows User Groups with access to a configurable item or its audit results, and regardless of who owns private items such as My Machine Lists and scheduled tasks. We recommend entering a Windows User Group consisting of all product administrators here to ensure they're never locked out of audit results, configurable items, and private items.

Global Machine List Access: User Roles

Symantec Security Expressions Server manual Item Rights, Global Machine List Access User Roles