Configuring ELM Server Security

<< Click to Display Table of Contents >>

Navigation:  Technical Resources > Security Guide >

Configuring ELM Server Security

ELM integrates with Windows security to provide item-level security on objects and items within the ELM Console. This enables you to selectively set security on the individual objects and containers, including:

ELM Server

Agents

Monitoring Categories

Monitor Items

Event Filters

Notification Methods

Event Views

Performance Data container

Performance Counters

Configuring Integrated Security

To view or configure security on an item:

1.Right-click on the item you wish to secure and select Security. If Security is not an option on the context menu, you are not able to secure this item.

2.The permissions for the item and the list of Access Control Entries (ACEs) will be displayed.

 

Click the Add button to add a user or group to the list of ACEs.

Click the Remove button to remove the selected user or group from the list of ACEs.

Click the Advanced button to view and modify advanced security settings such as Special Access and Inheritance.

 

ELM supports auditing of access and modification to ELM Server Objects. When ELM is installed, the ELM Server service account user is added to the "Generate security audits" Security Policy. This is so if auditing is turned on for ELM objects, and "Audit object access" is turned on in the Audit Policy settings, ELM will write out an audit trail for ELM object changes.  In order to audit activity on ELM Server Objects, you must enable File and Object Access auditing on the ELM Server. On a Windows system, this is typically done using a security-policy snap-in (e.g., the Local Security Policy snap-in).

Note
As a failsafe mechanism, an ELM Server ignores all security settings when the ELM Console is run in the security context of the ELM Server service account. This is done intentionally to prevent administrators from inadvertently locking themselves out of objects. If you log on to the ELM Server using the ELM Server service account, you will be able to configure all objects, settings and features. Security will not be enforced for the session.

Configuring Auditing

To view or configure auditing on an item:

1.Right-click on the item you wish to secure and select Security. If Security is not an option on the context menu, then you are not able to secure or audit access to this item.

2.Click the Advanced button.

3.Select the Auditing tab.

4.Click the Add button to add a user, group, or multiple users/groups to the list of Audit entries, then click OK. Click the Edit button to edit an existing entry, or the Remove button to remove an existing entry.

5.The Auditing Entry dialog will appear. Select the items for Success and/or Failure that you wish to audit by clicking the desired checkboxes so that they are checked.

6.Select whether the audit level should apply to this object, or to this object and all child objects, from the Apply onto dropdown list.

7.Click OK to save the changes, then click Apply to apply them.

8.Click OK twice to exit the Security dialogs.