Security for Console Log Viewing

Administering Critical Events › Understanding Configuration Manager › Event Console › Security for Console Log Viewing

Security for Console Log Viewing

Security Management support for console log viewing lets you restrict message access to authorized users and user groups. By defining console view objects to the Management Database, you can filter messages from the console logs, thereby limiting access to sensitive messages.

Security Management provides two asset types for defining console log message access:

CA-CONVIEW--Event Management treats each console view record as an asset of this type. You can define rules to control user and user group permissions for creating, modifying, deleting, or listing these console view objects.
CA-CONVIEW-ACCESS--When users select the console log, access granted or denied by use of this asset type determines the view. You can define this asset type through Event Management or through Security Management user and user group profiles. By attaching a CA NSM calendar to definitions of this asset type, you can restrict console log access to specific times. For example, assume that USER1 is limited to VIEW1 Monday through Friday during regular business hours, but only to VIEW2 outside of normal business hours; you could enforce these restrictions using a CA NSM calendar.

For detailed descriptions of these asset types, see the Asset Types Table in the online CA Reference.

Important! To enforce your access rules, you must define users in FAIL mode. The only Enforcement mode that results in access being denied is FAIL mode, whether set explicitly in the user profile or implicitly by referring to a System Violation Mode of FAIL in the user profile.

After defining console view access rules, you can execute the commit process to put them into effect.

Users accessing the console log can choose from a list of console views associated with their user IDs. If no console view access rules exist for a user, the entire console log appears. When a user is removed from the console view definition, that view is no longer available to the user.