Setting Up User Action Auditing

To set up user action auditing, use the Object Classes section on the navigation panel.

NOTE. When roles of information security administrator and application administrator are separated, the Object Classes section is available only for information security administrator.

The Object Classes Section:

The security manager can automatically audit operations executed by system subjects and record information about the executed operations to the access protocol. The logged operations are divided into general that can be executed with all object types, and specific that can be executed only with specific object type. Operation history can be maintained for each object type: object changes, permission changes, object deletion. If full history is maintained, object changes by all operations are saved to history.

Select object types

Change object access permissions

Turn on or turn off auditing

Turn on or turn off history

NOTE. Modifying permissions, turning off auditing and history is available for several selected objects.

The types of objects are displayed as a list:

NOTE. Flat view is available only in the desktop application.

By default, objects are displayed as a tree. When the flat view is enabled, object types are not grouped by classes.

To change the list display view, select the View > Flat View/Hierarchical View main menu item of the desktop application.

To apply the specified settings of object types:

NOTE. If section parameters have been changed, an attempt to go to another section of the security manager or to close it displays a request to apply changed settings.

Adding Attributes

Set attributes for object classes on using the attribute-based access control method:

  1. For object classes. Attributes are set for all object types by means of the Attributes dialog box.

  2. For a particular object type. Attributes are set for one object type by using the Attributes tab on specifying up access control settings.

  3. For particular object. Attribute value is set for one object, if the corresponding object type contains attributes.

NOTE. Adding and editing attributes of a specific object is available only in object properties of the navigator in the desktop application. The web application provides possibility to view object attributes on the Properties side panel in read-only mode.

See also:

Setting Up System Security Policy | Object Classes | Selecting Operations of Audit and History | Creating Custom Attributes