Managing Archived Records; Access Control Levels; Adding Or Modifying A User Acl - Novell PRIVILEGED USER MANAGER 2.2.1 - ADMINISTRATION GUIDE 03-31-2010 Administration Manual

7.4.7 Managing Archived Records

From the Framework Manager console, you can restore an archive and move archives from an
online state (viewable in the console) and to an offline state (not viewable in the console) and from
an offline state to an online state. You must use the command line options to purge an archive. See
Section 10.7.2, "Managing Compliance Auditor Records," on page
To manage archived records from the console:
1 Click Compliance Auditor on the home page of the console.
2 Click Manage Archives in the task pane.
3 To restore an archive to an online status, select the archive, then click Restore.
4 To move an archive from an online status to an offline status, select the archive, then click
Remove.
5 Click Close.

7.5 Access Control Levels

You can define an Access Control Level (ACL) for your auditors that specifies which events they
are allowed to view and restricts auditors from authorizing their own activity.
Section 7.5.1, "Adding or Modifying a User ACL," on page 136
Section 7.5.2, "Deleting a User ACL," on page 137

7.5.1 Adding or Modifying a User ACL

1 Click Compliance Auditor on the home page of the console.
2 Click Access Control in the task pane.
3 To add a new ACL, click Add User ACL in the task pane. To modify an existing ACL, select the
required User and click Modify ACL in the task pane.
When creating a new user ACL, select the user from the Username drop-down list.
4 Click Add.
5 At the bottom of the table, select the attribute from the drop-down list that describes the entity
to which you want to control access for the selected user.
For example, if you do not want this user to be able to audit Command Control events
involving a particular command, click Command.
6 In the Matches field, specify the value of the attribute you want to control access to.
For example, if you do not want this user to be able to audit any Command Control events that
involve the
wildcard characters in this field.
7 Set the Action to allow or deny.
8 (Optional) Use the arrow buttons to move entries up and down the list.
You might want to do this if, for example, you are allowing the user to access a restricted list of
commands, and using the wildcard * to deny access to all other commands. The
commands
9 (Optional) Remove an attribute by selecting it and then clicking the Remove button.
136 Novell Privileged User Manager 2.2.1 Administration guide
command, specify this command in this field. You can use
cat /etc/passwd
entries must be above the entry. By default, all commands are allowed.
deny all
152.
allowed