立即与支持人员聊天
与支持团队交流

Change Auditor 7.4 - User Guide

Change Auditor Overview Agent Deployment Change Auditor Client Overview Overview Page Searches Search Results and Event Details Custom Searches and Search Properties Enable Alert Notifications Administration Tasks Agent Configurations Coordinator Configuration Purging and Archiving your Change Auditor Database Disable Private Alerts and Reports Generate and Schedule Reports SQL Reporting Services Configuration Change Auditor User Interface Authorization Client Authentication Certificate authentication for client coordinator communication Integrating with On Demand Audit Enable/Disable Event Auditing Account Exclusion Registry Auditing Service Auditing Agent Statistics and Logs Coordinator Statistics and Logs Change Auditor Commands Change Auditor Email Tags

Change Auditor User Interface Authorization

Introduction

Role-based access control allows you to assign users/groups to roles based on their job functions and grant these roles permissions to perform related tasks. Role-based access control is broken down into the following entities to define ‘who can do what’:

Authorization for using the different features is defined using the Application User Interface Authorization page. From the Administration tab, you can add new task and role definitions or delete user-defined roles and tasks that are no longer required.

By default, the following roles and tasks are defined; therefore, no action is required on your part to start using the client:

During installation, you added user accounts to the Change Auditor security groups (ChangeAuditor Administrators - <InstallationName> and ChangeAuditor Operators - <InstallationName>). These security groups are automatically added as members of the appropriate role (Administrator Role and Operator Role). If applicable, during the web client installation, you may have also added user accounts to the ChangeAuditor Web Shared Overview Users security group. This additional security group is added as a member to the Web Client Shared Overviews role.

Using the AD Protection role and task, administrators can specify who is authorized to view protection definitions for Active Directory and Group Policy objects. Using the Restore Value task, administrators can enable and disable the ability to restore values when viewing events in the Event Details pane. See the Quest Change Auditor for Active Directory User Guide for information on restricting access to specific domains and organizational units and restoring values.

Application User Interface Authorization page

The Application User Interface Authorization page is displayed when Application User Interface is selected from the Configuration task list in the navigation pane of the Administration Tasks tab.

From this page, you can define who is authorized to perform the different operations available in the Change Auditor client, including performing the administrative tasks listed on the Administration Tasks tab and defining search criteria.

The Application User Interface Authorization page contains an expandable view of the role and task definitions which define role-based access. To add a role or task, use the appropriate Add tool bar command: Add | Add Role Definition or Add | Add Task Definition.

Once added, the following information is provided for each definition:

Click the expansion box to the left of a Role Definition to expand this view and display the following details:

Add task definition

A task is a collection of operations and sometimes lower-level tasks that can be performed.

2
Select Application User Interface in the Configuration task list to open the Application User Interface Authorization page.
3
Expand Add and click Add Task Definition.
To add a lower-level task, click Add Task and select a task from the Authorizations: Task Definitions dialog.
To add an operation, click Add Operation and select one or more operations from the Authorizations: Operations dialog.
6
Click OK to save your new task definition and close the Authorizations: Task dialog.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级