To set up user action auditing, use the Object Classes section on the navigation panel.
NOTE. When roles of information security administrator and application administrator are separated, the Object Classes section is available only for information security administrator.
The Object Classes Section:
The security manager can automatically audit operations executed by system subjects and record information about the executed operations to the access protocol. The logged operations are divided into general that can be executed with all object types, and specific that can be executed only with specific object type. Operation history can be maintained for each object type: object changes, permission changes, object deletion. If full history is maintained, object changes by all operations are saved to history.
Change object access permissions
NOTE. Modifying permissions, turning off auditing and history is available for several selected objects.
The types of objects are displayed as a list:
Flat view. Object types are displayed as a table.
NOTE. Flat view is available only in the desktop application.
Hierarchical view. Object types are displayed as a tree, which node is an object class. The hierarchy of object types can be expanded and collapsed by means of the Expand Entire Hierarchy or Collapse Entire Hierarchy context menu item.
By default, objects are displayed as a tree. When the flat view is enabled, object types are not grouped by classes.
To change the list display view, select the View > Flat View/Hierarchical View main menu item of the desktop application.
To apply the specified settings of object types:
In the desktop application:
Select the Repository > Apply Security Policy main menu item
Click the Apply Security Policy button on the toolbar
In the web application:
Click the Save button on the side panel.
NOTE. If section parameters have been changed, an attempt to go to another section of the security manager or to close it displays a request to apply changed settings.
Set attributes for object classes on using the attribute-based access control method:
For object classes. Attributes are set for all object types by means of the Attributes dialog box.
For a particular object type. Attributes are set for one object type by using the Attributes tab on specifying up access control settings.
For particular object. Attribute value is set for one object, if the corresponding object type contains attributes.
NOTE. Adding and editing attributes of a specific object is available only in object properties of the navigator in the desktop application. The web application provides possibility to view object attributes on the Properties side panel in read-only mode.
See also:
Setting Up System Security Policy | Object Classes | Selecting Operations of Audit and History | Creating Custom Attributes