Currently, Change Auditor allows role-base access defined by the settings in the Application User Interface under the Configuration task list in the Administration task tab. It defines who is authorized to perform different operations available in the Change Auditor client.
One of the common scenarios that customers are looking to solve is as follows. Consider a single Change Auditor installation for Active Directory, SharePoint, and Exchange. The Change Auditor Administrator wants to allow the Exchange Admins the ability to run reports against the data collected by Change Auditor, but wishes to restrict what data will be able to be seen to just Exchange related events.
At this time, there is no data segmentation or separation available. Any Change Auditor user (Administrator or Operator) will have access to any and all data types.
The following workarounds could be considered:
Use the Change Auditor Scheduled Reports to distribute search results to the users in question without granting them access to the Change Auditor Client. This would require identifying what information they need ahead of time.
Use the Web Client, and configure/publish shared overviews. This doesn't allow the web shared overview users to create new searches. They are still able to access other web shared overview URLs if they are provided with them.
Remove all searches from the Shared folder, and configure searches just in the Private folders. This doesn't restrict access to the data, but may prevent operators from seeing data, if they don't know how to create searches.
Split the Change Auditor installation into parts. With separate installs, the data is naturally segregated into different databases. This would require managing different AD groups for the different installs. Some Change Auditor components naturally complement each other, such as Exchange and Active Directory, such that separating these two doesn't make a lot of sense. There are Exchange related events which are sent from Domain Controllers. In the above example, SharePoint could be effective split off without any loss of information.
Enhancement Request VSTS007048 has been submitted to the Development for consideration in a future release of the Change Auditor. The feature would allow creation of searches for which access would be allowed for only specific set of defined users.