You can give an administrator permissions for:
To define an administrator with these permissions:
To Create an Administrator
The New Administrator window opens.
Note - If you cannot clear a resource selection, the administrator access to it is mandatory, and you cannot make it invisible
Some resources do not have the Read or Write option. You can only select (for full permissions) or clear (for no permissions) these resources.
In the Profile object, select the features and the Read or Write administrator permissions for them.
Monitoring and Logging Features
These are some of the available features:
Events and Reports Features
These are the permissions for SmartEvent:
In Multi-Domain Security Management, each Event and Report is related to a Domain. Administrators can see events for Domains according to their permissions.
A Multi-Domain Security Management Policy administrator can be:
If you do not want to centrally manage administrators, and you use the local administrator defined for the SmartEvent Server, run this CLI command on the SmartEvent Server:
cpprod_util CPPROD_SetValue FW1 REMOTE_LOGIN 4 1 1
You can define a special permission profile for administrators that only see and generate SmartEvent reports. With this permission profile, Administrators can open SmartConsole, but in the Logs & Monitor view can see only Reports. They cannot access other security information in SmartEvent. You can configure this permissions profile to apply to the Application & URL Filtering blade only, or apply to all blades.
To create a SmartEvent report-only permissions profile:
The profile shows in the Permission Profiles page.
Administrators with SmartEvent access permissions can be limited with access list settings based on IP address, a network or a host name.
This list is a subset of the GUI clients’ access configuration as defined on the relevant Security Management Server or a Multi-Domain Security Management. Administrators that are not configured as part of the GUI client list cannot access SmartEvent even if they are defined in the access list.
Note – The access list feature is not supported on standalone configuration with MultiPortal.
To configure the access list:
access_list
under $RTDIR/smartview/conf
$RTDIR/scripts/stopSmartView
$RTDIR/scripts/startSmartView