Open topic with navigation

Controlling Who Has Permissions to Deploy Data Monitors

Data monitor deployment is controlled through User Access Control Lists (ACLs). Administrators can allow or block users for data monitor deployment permissions.

Depending on the permissions associated with the user group to which they belong, users may or may not have options available on their ArcSight Consoles to Enable (deploy) or disable (un-deploy) data monitors. (See also Enabling or Disabling a Data Monitor.)

Administrators (all users belonging to the Administrators user group) have permissions to deploy and undeploy data monitors.

Administrators can grant permissions to deploy or disable data monitors for other non-Administrator through the Users resource Access Control Lists (ACLs) editor, as described in Granting or Removing Operations Permissions. As with user permissions for other resources, these are applied at a user group level. As an administrator, you can grant all users in a given group permission to deploy data monitors. After user groups are set up and appropriate permissions are applied to those groups, you can add new users to appropriate groups, and change access permissions for existing users by moving them in or out of various groups. If you want to allow or disallow a particular user the option to deploy data monitors, move the user in or out of a group that has that permission.

Note: About Write and Deploy permissions

Data monitor deployment is an all-or-nothing permission (it apples to all data monitors), while read and write permissions are specific to each data monitor. So, in some cases a user could have read-only access to one data monitor and read-write access to another. To deploy a data monitor, a user needs both deployment permissions and write permissions. Users with permissions to deploy data monitors can deploy only those data monitors for which they have write permissions. (Fields in the data monitor editor are grayed out for all users without write permission.)

To configure data monitor deployment permissions:

  1. If needed, set up one or more user groups for non-administrator users to whom you want to control permissions to deploy data monitors. For example, at the simplest level you might have a group for analysts and operators who are allowed to deploy data monitors and another for those you want to block from this option.

    See Creating or Editing a User and Managing User Groups for information on adding, deleting, and editing users and user groups.

  2. Follow the instructions provided in Granting or Removing Operations Permissions to grant or remove permission to deploy data monitors to a particular group. As a part of these instructions, you’ll select the Users resource in the navigator, right-click a group and choose Edit Access Control.

  3. In the ACL Editor, click the Operations tab, and click Add.

  4. On the Permissions Selector, select Deploy under Permissions\Shared\All Permissions\ArcSight System\Data Monitor\ and click OK to save the settings and close the dialog.

    The list of Operations is updated to include deployment permissions on data monitors.

    To remove the permission for this group, select the permission and click Delete.

  5. Click OK on the ACL Editor to save your changes.

For information on deploying or disabling data monitors, see Enabling or Disabling a Data Monitor.

For more information on administrator tasks of working with user permissions and ACLs, see Managing Permissions.