Chat now with support
Chat with Support

Change Auditor 7.6 - User Guide

Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Working with Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags

SQL Reporting Services Templates

To create a SQL Reporting Services template:
1
Open the Administration Tasks tab and select Configuration.
2
Select SQL Reporting Services in the Configuration task list to open the SQL Reporting Services page.
3
Use Add to start the SQL Reporting Services wizard to define the report server and data source information.
4
On the first page of the wizard:
Enter a name for the template.
Enter the URL of the SRS server that is to host the Change Auditor reports
For example: http://<SQL_Server>/<ReportServer>
where: <SQL_Server> is the name of the server hosting SRS and <ReportServer> is the name of the report server virtual directory. (In a default Reporting Services installation, the name of the virtual directory is reportserver.)
Enter the user account, credentials and domain for a Windows account the has permissions to copy files to SRS.
* 
NOTE: This Windows account requires rights to create SRS reports and data sources on the server (a.k.a. Content Manager).
Enter the user account and credentials to be used to access the Change Auditor database (data source).
Click Test to verify the credentials entered above.
5
On the second page of the wizard, select the user or group accounts that are authorized to use this template to publish Change Auditor reports to SRS.
* 
NOTE: The user and group accounts entered on this page are the ONLY accounts that are allowed to import the settings in this template to publish Change Auditor reports to SRS. For example, the first time an authorized user selects the Import SRS Settings button on the Reporting Services Setup dialog, the Change Auditor Administrators will not be able to import the settings in this template to publish reports to SRS unless they are also added as an authorized account on this page.
Use the Browse or Search pages to locate and select the accounts to be included in the template. Use the Add button to add these accounts to the list box at the bottom of the page.
6
Select Finish to create the template and return to the SQL Reporting Services page.

Now when an authorized user attempts to publish a report to SRS using the Publish reports to SQL Reporting Services right-click command on the Searches page, they can use the Import SRS Settings button on the Reporting Services Setup dialog to import the settings defined in this template to publish their reports.

To modify a template:
1
On the SQL Reporting Services page, select the template to be modified and select Edit.
2
This displays the SQL Reporting Services wizard, where you can modify the report server and data source settings and authorized accounts included in the template.
3
Click Finish.
To disable a template:

The disable feature allows you to temporarily disable the use of a template without having to remove it from Change Auditor.

1
On the SQL Reporting Services page, use one of the following methods to disable a template:
Click in the Status cell for the template to disable and select Disabled
Right-click the template to disable and select Disable
The entry in the Status column for the template will change to ’Disabled’.
2
To re-enable a template, use the Enable option in either the Status cell or right-click menu.
To delete a template:
1
On the SQL Reporting Services Auditing page, select the template to delete and select Delete | Delete Template
2
A dialog will be displayed confirming that you want to delete the selected template. Select Yes.

SQL Reporting Services Wizard

The SQL Reporting Services wizard is displayed when you select Add on the SQL Reporting Services page. Using this wizard you can define the reporting services and data source information to be included in the template, as well the user and group accounts authorized to use this template to publish reports to SRS.

The following table provides a description of the fields and controls in the SQL Reporting Services wizard.

* 
NOTE: A red flashing icon indicates that you have not yet entered the required information. A green check mark indicates that the required information has been specified and you are ready to proceed.
 
Table 1. SQL Reporting Services wizard
Create or modify a SQL Reporting Services Template page: Use this page to enter a name for the template and credentials to be used to access the SQL Reporting Services server and Change Auditor shared data source.
 

Template Name

Enter a descriptive name for the SQL Reporting Services template being created.

SQL Server Reporting Services
NOTE: SQL Reporting Services must be configured with anonymous access disabled.
NOTE: The account entered in this section requires rights to create SRS reports and data sources on the server (a.k.a. Content Manager).

Report Server URL

Enter the URL for the SQL Reporting Services (SRS) server that will be hosting the Change Auditor reports.

For example: http://<SQL_Server>/<ReportServer>

where <SQL_Server> is the name of the server hosting SRS and <ReportServer> is the name of the report server virtual directory.

User

Enter a user name for a Windows account that has credentials to copy files to a SQL Reporting Service.

Password

Enter the password associated with the user name entered above.

Domain

Enter the domain for the Windows account to be used to access SRS.

Change Auditor Shared Data Source
NOTE: The account specified in this section is used to create and read data from the Change Auditor data source.

Data Source Name

Enter the name of the Change Auditor data source.

Authentication

Select the appropriate authentication method for connecting to the Change Auditor data source:
Windows Authentication - Select this option to use Windows authentication for connecting to the Change Auditor data source.
SQL Server Authentication - Select this option to use SQL Server authentication for connecting to the Change Auditor data source.

User

Enter a user name for the account to be used to access the Change Auditor data source.

Password

Enter the password associated with the user name entered above.

Domain

Enter the domain for the user account to be used to access the Change Auditor data source. This only applies to Windows Authentication.

Test

Use the Test button at the bottom of the dialog to verify the credentials entered in the SQL Server Reporting Services section at the top of the dialog.

Select Accounts Authorized to Use This SQL Reporting Services Service Template page

When you enter a user or group account on this page, you are defining which users/groups are allowed to use this template to publish reports to SRS. That is, only users who are listed on this page (or users in any groups listed on this page) will be able to use the Import SRS Settings button on the Reporting Services Setup dialog to select this SRS template.

 

Browse Page

Displays a hierarchical view of the containers in your environment allowing you to locate and select the user or group account(s) to be included in this template.

Once you have selected an account, use Add to add it to the list box at the bottom of the page.

Search Page

Use the controls at the top of the Search page to search your environment to locate the desired user or group account.

Once you have selected an account, use Add to add it to the list box at the bottom of the page.

Options Page

Use the Options page to modify the search options or global catalog used to retrieve directory objects.

 

Account List

The list box located across the bottom of this page, displays the accounts that are authorized to import the SRS settings in this template to publish Change Auditor reports to SRS. Use the buttons located above this list box to add and remove objects.

Add

Select a user or group in the Browse or Search page and select Add to add it to the list.

Remove

Select an entry from the list and then select Remove to remove it.

 

Change Auditor User Interface Authorization
Introduction
Application User Interface Authorization page
Add task definition
Add role definition
Add application group

Introduction

Role-based access control allows you to assign users/groups to roles based on their job functions and grant these roles permissions to perform related tasks. Role-based access control is broken down into the following entities to define ‘who can do what’:
Operation: a single action that users need to be granted rights to perform
Task: a collection of logically related operations
Role: a logical group of users and the tasks they are allowed to perform

Authorization for using the different features is defined using the Application User Interface Authorization page. From the Administration tab, you can add new task and role definitions or delete user-defined roles and tasks that are no longer required.

By default, the following roles and tasks are defined; therefore, no action is required on your part to start using the client:
AD Protection Role - has access to view Active Directory and Group Policy protection
Administrator Role - has full administrator privileges with access to all aspects of the client, web client and deployment of agents
Operator Role - has only operator privileges with limited access to the client (e.g. these users can define and run searches, but they cannot access the Administration, Statistics or Deployment pages) and access to perform all tasks except the administration functions in the web client
Web Client Shared Overviews Role - has view access to the web client shared overviews; while restricting access to only what has been shared
AD Protection Task - grants access to Active Directory and Group Policy protection tasks
Administrator Task - grants full administrator access
Operator Task - grants operator access only
Restore Value Task - allow use of the Restore Value button in the Event Details pane.
Web Client Shared Overviews Task - grants view access to web client’s shared overviews

During installation, you added user accounts to the Change Auditor security groups (ChangeAuditor Administrators - <InstallationName> and ChangeAuditor Operators - <InstallationName>). These security groups are automatically added as members of the appropriate role (Administrator Role and Operator Role). If applicable, during the web client installation, you may have also added user accounts to the ChangeAuditor Web Shared Overview Users security group. This additional security group is added as a member to the Web Client Shared Overviews role.

* 
NOTE: The Administrator, Operator and Web Client Shared Overviews roles and tasks cannot be removed, renamed or edited.

Using the AD Protection role and task, administrators can specify who is authorized to view protection definitions for Active Directory and Group Policy objects. Using the Restore Value task, administrators can enable and disable the ability to restore values when viewing events in the Event Details pane. See the Quest Change Auditor for Active Directory User Guide for information on restricting access to specific domains and organizational units and restoring values.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating