Administrator Permission Profiles

You can give an administrator permissions for:

• Monitoring and Logging
• Events and Reports

To define an administrator with these permissions:

1. Define an administrator or an administrator group.
2. Define a Permission Profile with the required permissions in SmartConsole (Manage & Settings > Permission Profiles).
3. Assign that profile to the administrator or to the administrator group.

Configuring Permissions for Monitoring, Logging, Events, and Reports

In the Profile object, select the features and the Read or Write administrator permissions for them.

Monitoring and Logging Features

These are some of the available features:

• Monitoring
• Management Logs
• Track Logs
• Application and URL Filtering Logs

Events and Reports Features

These are the permissions for SmartEvent:

• SmartEvent
  • Events - views in SmartConsole > Logs & Monitor
  • Policy - SmartEvent Policy and Settings on SmartEvent GUI.
  • Reports - in SmartConsole > Logs & Monitor
• SmartEvent Application & URL Filtering reports only

Multi-Domain Security Management

In Multi-Domain Security Management, each Event and Report is related to a Domain. Administrators can see events for Domains according to their permissions.

A Multi-Domain Security Management Policy administrator can be:

• Locally defined administrator on the SmartEvent Server.
• Multi-Domain Server Super User defined on the Multi-Domain Server.
• An administrator with permissions on all Domains. Select the Domains in SmartEvent, in Policy > General Settings > Objects > Domains. This type of administrator can install a Policy, and can see events from multiple Domains.

SmartEvent Reports-Only Permission Profile

You can define a special permission profile for administrators that only see and generate SmartEvent reports. With this permission profile, Administrators can open SmartConsole, but in the Logs & Monitor view can see only Reports. They cannot access other security information in SmartEvent. You can configure this permissions profile to apply to the Application & URL Filtering blade only, or apply to all blades.

To create a SmartEvent report-only permissions profile:

1. In SmartConsole, click Manage & Settings > Permissions Profiles.
2. In the Permission Profiles page, select a permission profile, or click the New button and create a permission profile.
3. Select Customized.
4. On the Events and Reports page, select SmartEvent Reports.
5. Clear all other options.
6. On the Access Control, Threat Prevention, and Others pages, clear all options.
7. On the Monitoring and Logging page, select all features, with Write permissions.
8. Click OK.

   The profile shows in the Permission Profiles page.

9. Assign the SmartEvent Reports Only permissions profile to administrators.
10. Publish the changes.
11. Install the policy.

SmartView access list for administrators

Administrators with SmartEvent access permissions can be limited with access list settings based on IP address, a network or a host name.

This list is a subset of the GUI clients’ access configuration as defined on the relevant Security Management Server or a Multi-Domain Security Management. Administrators that are not configured as part of the GUI client list cannot access SmartEvent even if they are defined in the access list.

Note – The access list feature is not supported on standalone configuration with MultiPortal.

To configure the access list:

1. On the SmartEvent machine, create a file named access_list under $RTDIR/smartview/conf
2. Enter a list of granted clients separated by a new line.
3. These are the supported types:
   • Specific IP address (e.g. 192.168.0.10)
   • IP range (e.g. 192.168.0.10-192.168.0.20)
   • Network (e.g. 192.168.0.0/255.255.255.0)
   • IP address wildcard (e.g. 192.168.0.*)
   • Hostnames (e.g. ADMIN-PC)
4. Restart SmartView
   • $RTDIR/scripts/stopSmartView
   • $RTDIR/scripts/startSmartView