For information on auditing a switch in security context, see Auditing the Switching of Security Context.

Be sure not to give non-admin users permission to edit objects at design time. For administrators, do not edit system objects at design time. If you edit them at design time, you risk losing any changes made during an upgrade.

| Component | Permissions for a Non-Admin User Group |
|---|---|
| Audit Subsystem | To allow non-admin users and user groups to invoke the QueryAuditHistory, ArchiveAuditHistory, ExportAuditData, and PurgeAuditData services: • Audit Subsystem — > . • Audit Subsystem — > . Define a service override for each service that you want users in the group to be able to invoke and add a Service Execute for each service. |
| AuditArchiveFileRepository | Permissions for the AuditArchiveFileRepository of the audit subsystem should NOT be granted to non-admin users or user groups. |
| AuditArchiveScheduler | Users in the Administrators group should have access to this scheduler Thing. The scheduler Thing has a property, called lastArchivedTime, that is updated after every successful run of an archive operation. While it is possible, this property should NEVER be updated by a user, admin or non-admin. For this reason (and others that your organization may have), it is recommended that non-admin users NOT be granted access to the scheduler. |
| AuditPurgeScheduler | Only users in the Administrators group should have access to this scheduler Thing. It is recommended that non-admin users NOT be granted access to this scheduler. |
| AuditArchiveCleanupScheduler | For non-admin users to execute the cleanup service: • AuditArchiveCleanupScheduler — > • AuditArchiveCleanupScheduler — > . Define a service override for this service (Service Execute). |
| AuditArchiveCleanupNotificationScheduler | For non-admin users to execute the notification of cleanup service: • AuditArchiveCleanupNotificationScheduler — > • AuditArchiveCleanupNotificationScheduler — > . Define a service override for this service (Service Execute). |

| Service | Entity Type | Entity Name | Visibility | Design Time | Run-Time |
|---|---|---|---|---|---|
| QueryAuditHistory | Subsystem | AuditSubsystem | Yes | Read | Service: QueryAuditHistory - service execute |
| | Data Shape | AuditHistory | Yes | Read | |
| ArchiveAuditHistory | Subsystem | AuditSubsystem | Yes | Read | Service: ArchiveAuditHistory: Service execute |
| | Thing | AuditArchiveScheduler | Yes | None | Property LastArchiveTime: Property read and property write |
| ExportAuditData | Subsystem | AuditSubsystem | Yes | Read | Service: ExportAuditData: Service execute |
| | Thing | AuditArchiveScheduler | Yes | None | Property LastArchivedTime: Property read and property write |
| | Thing | <user-created FileRepository> | Yes | None | All services: Service execute |
| PurgeAuditData | Subsystem | AuditSubsystem | Yes | Read | Service PurgeAuditData: Service execute |
| | Thing | AuditPurgeScheduler | Yes | None | Property read and property write |