You can define an Access Control Level (ACL) for your auditors that specifies which events they are allowed to view and restricts auditors from authorizing their own activity.
Click on the home page of the console.
Click in the task pane.
To add a new ACL, click in the task pane. To modify an existing ACL, select the required and click in the task pane.
When creating a new user ACL, select the user from the drop-down list.
Click .
At the bottom of the table, select the attribute from the drop-down list that describes the entity to which you want to control access for the selected user.
For example, if you do not want this user to be able to audit Command Control events involving a particular command, click .
In the field, specify the value of the attribute you want to control access to.
For example, if you do not want this user to be able to audit any Command Control events that involve the cat /etc/passwd command, specify this command in this field. You can use wildcard characters in this field.
Set the to allow or deny.
(Optional) Use the arrow buttons to move entries up and down the list.
You might want to do this if, for example, you are allowing the user to access a restricted list of commands, and using the wildcard * to deny access to all other commands. The allowed commands entries must be above the deny all entry. By default, all commands are allowed.
(Optional) Remove an attribute by selecting it and then clicking the button.
(Optional) Modify an entry by selecting it, then specifying the changes.
Click .
Click on the home page of the console.
Click in the task pane.
Select the user for whom you want to delete an ACL.
Click in the task pane.
Click to delete the ACL for the user.