Events generated by specific users can be audited by using the User policy containing that user. This policy contains a list of users and an action flag for each user. The action for the event generated by the specific user will be executed based on the corresponding action flag.
To create and associate a User policy:
Select a container.
Click New > Object > New naasUserpolicy.
Specify a name for the new policy > click Define Additional Properties > click OK.
The Properties page is displayed.
Add the users whose actions are to be audited, with an appropriate action flag for each user.
Make this policy applicable to appropriate audited objects.
Grant the appropriate Audit agent objects Read rights to this policy.
NOTE: For auditing events generated by specific users, an Event policy must also be present. In the Event policy, if the filter condition for any event is set to DON'T CARE or the action flag is set to IGNORE, the User policy will not be applied for that event. In this case, the event will be audited irrespective of the user who generated it. The filtering condition should be set to either AND or OR for the event to be audited based on the corresponding user.