Setting Up User Action Auditing

To set up user action auditing, use the Object Classes section on the navigation panel.

NOTE. When roles of information security administrator and application administrator are separated, the Object Classes section is available only for information security administrator.

The security manager can automatically audit operations executed by system subjects and record information about the executed operations to the access protocol. The logged operations are divided into general that can be executed with all object types, and specific that can be executed only with specific object type. Operation history can be maintained for each object type: object changes, permission changes, object deletion. If full history is maintained, object changes by all operations are saved to history.

To select object types:

In the web application:

Hold down the CTRL key to select specified strings.
Hold down the SHIFT key to select all strings from the current to the N string (previous selection is cancelled).

In the desktop application:

Select the context menu item of object type:

Select All. It selects all elements in the list.
Inverse Selection. It inverts the existing selection (changes list element status to the opposite).
Deselect All. It deselects all elements in the list.

Hold down the CTRL key to select specified strings.
Hold down the SHIFT key to select all strings from the current to the N string (previous selection is cancelled).

After executing one of the operations the object types are selected for the further setup of access permissions, audit and history.

To change or view access permissions of object type:

In the web application, select the object.

In the desktop application:

Select the Access Permissions item in the object type context menu.
Select the object type and select the Object Classes > Access Permissions main menu item.
Double-click the object type name with the main mouse button.

After executing one of the operations the Properties side panel opens in the web application, and the Access Control Settings dialog box opens in the desktop application. Set up parameters of discretionary access control, auditing, attributes, security labels.

To turn on auditing where a set of logged operations of selected object type is determined:

In the web application:

Click the Audit > All Operations button on the toolbar to enable all operations on the Operation Auditing tab.
Click the Audit > Common Operations button on the toolbar to enable all operations, except specific ones, on the Operation Auditing tab.
Select checkboxes next to the required operations on the Operation Auditing tab of the Properties side panel.

In the desktop application select checkboxes of the required operations on the Object Classes tab.

After executing operations, the access protocol will record operation audit of subjects by selected operations.

To disable audit of the selected object type:

In the web application:

Click the Auditing > Turn Off button on the toolbar.
Deselect checkboxes next to the operations on the Operation Auditing tab of the Properties side panel.

In the desktop application:

Select the Turn Off Auditing context menu item of the object type.
Select the Object Classes > Turn Off Auditing main menu item
Deselect checkboxes next to the operations on the Object Classes tab.

After executing operations, the access protocol will turn off operation audit of subjects by selected operations.

To turn off history tracing of the selected object type:

In the web application:

Click the History > All Operations button on the toolbar to enable all operations history tracing on the Operation History tab.
Select checkboxes next to the required operations of history tracing on the Operation History tab of the Properties side panel.

In the desktop application select checkboxes of the required operations on the Object Classes tab.

After executing the operations, the history of of object modifications will be executed by selected operations.

To turn off history:

In the web application:

Click the History > Turn Off button on the toolbar.
Deselect checkboxes next to the operations of history tracing on the Operation History tab of the Properties side panel.

In the desktop application:

Select the Turn Off History context menu item in the object type.
Select the Object Classes > Turn Off History main menu item.
Deselect checkboxes next to the operations on the Object Classes tab.

After executing the operations, the history of object changes by selected operations will be turned off.

NOTE. When history tracing is enabled, frequent changing of repository objects may result in significant increase in volume of the system table, which stores history.

NOTE. Modifying permissions, turning off auditing and history is available for several selected objects.

By default, objects are displayed as a tree. When the flat view is enabled, object types are not grouped by classes.

To change the list view, select the View > Flat View/Hierarchical View main menu item in the desktop application.

In the web application click the Save button on the toolbar or on the side panel.

In the desktop application execute one of the operations:

Select the Repository > Apply Security Policy main menu item.
Click the Apply Security Policy button on the toolbar.

NOTE. If section parameters have been changed, an attempt to go to another section of the security manager or to close it displays a request to apply changed settings.

Adding Attributes

NOTE. In the desktop application one can edit specific object attributes in object properties on the Attributes tab in the object navigator. In the web application one can only view specific object attributes on the Properties side panel in the security manager.