Examine Policies for Auditors

You can examine the predefined policies for Auditors to see how they limit application access to resources required to perform the following tasks.

To examine predefined policies for Auditors

  1. Click the Administration tab and the User and Access Management subtab.
  2. Click Access Policies in the left pane.
  3. Search for policies for Auditors as follows:
    1. Select Show policies matching identity.
    2. Enter ug:Auditor in the Add identity field.
    3. Click Add.
    4. Click Go.

    All policies for [All Identities] and ug:Auditor appear.

  4. Examine the Auditor Schedule-Annotate Rights policy.

    All CALM access policies define the actions that can be performed against application-specific resources. This policy grants users assigned the application user group, Auditor, the ability to schedule and annotate reports.

    Auditors can schedule and annotate reports.

    Compare this policy with the Analyst Create-Schedule-Annotate policy and the Administrator Create policy.

  5. Examine the Analyst Auditor Report Server Access Policy.

    This scoping policy gives Auditors the ability to set the report destination to any Report Server and to create a federated report, which requires access to any Event Log Store. The resource listed in the policy is AppObject, where the application objects are the Report Servers and Event Log Stores.

    AnalystAuditorReportServerAccessPolicy provides access to Analyst, Auditor, Administrator, and CALM_API_UT

    Filter where pozFolder equals Modules/calmReporter or Modules/logDepot

    Note: For a given CALM Access policy, that is, a policy for the CALM resource class, there is typically a related scoping policy for the SafeObject resource class.

  6. Examine the Auditor View Report policy.

    This scoping policy grants users read access to reports. The resource listed in the policy is AppObject.

    This policy gives auditors the ability to view an application object.

    AppObject is limited to a specific application resource with a filter that grants the right to view reports. The path is an EEM folder path that stores the content of all reports.

    The filter limits the application objects that auditors view to reports.