Editing Access Control Lists (ACLs)
The user groups ACL Editor has these tabs for viewing or editing permissions on resources, operations, user groups, events, and sortable field sets:
- Resources tab - Lists all resources available to the user group with either inspect or edit permissions; lets you add custom resources and edit permissions to those resources.
- Operations tab - Lists operations for which this user group has permissions and lets you add and edit operations permissions. For example, a user group can have permissions to enable or disable data monitors.
- User Groups tab - Lists the user groups with either inspect or edit access to the selected user group, and lets you add user groups.
- Events tab - Lists event filters for which this group has permissions and lets you add or remove event filter permissions. This user group is permitted to see and annotate only events from the filters listed in the Events tab. By default, custom user groups inherit their ACL settings for events from the parent group. If the user group has no access to event filters, the behavior is as if the group’s specified filter in the ACL editor were Filters/Shared/All Filters/ArcSight System/Core/No Events.
  Note: To view event data in reports and query viewers, a non-administrator user must have Read access to the /All Filters/ArcSight System group. This permission can be set in the Resource tab of the ACL Editor. For more information, see Granting or Removing Resource Permissions.
- Sortable Field Sets tab - Lists sortable field sets for which this user group has permissions.
See also Access Control Lists.
Caution: After you change user or resource access permissions, always have both ArcSight Console and ArcSight Command Center users log out and log back in so that they pick up the changes.
Tip: The Resource ACL display shows relationships between users and groups, and how permissions are acquired for each of the user groups. Child groups inherit permissions from parent groups. For example, consider the following scenario.
- A user logged in as Administrator (belonging to the group /All Users/Administrators) has read and write permissions by virtue of being in the Administrators group.
- All users have read permissions because they belong to the group /All Users/Default User Groups by default.
- A user logged in as an Analyzer Administrator has both read and write permissions because they inherit read permissions from the parent group (/All Users/Default User Groups) and get write permissions per the Analyzer Administrators child group.
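The scenario above can be modelled as a small resolver that reports, for each user group, which permissions are direct and which are inherited from a parent group. This is an added example, not ArcSight code or an ArcSight API: the function names, the grants table, and the full path of the Analyzer Administrators group are assumptions made for illustration.

```python
# Illustrative model only: not ArcSight code and not an ArcSight API.
# Direct grants on one resource, keyed by user-group path (constructed sample
# mirroring the scenario above; the Analyzer Administrators path is assumed).
DIRECT_GRANTS = {
    "/All Users/Administrators": {"read", "write"},
    "/All Users/Default User Groups": {"read"},
    "/All Users/Default User Groups/Analyzer Administrators": {"write"},
}


def ancestors(group_path):
    """Yield the group itself, then each parent group up to the root."""
    parts = group_path.strip("/").split("/")
    for depth in range(len(parts), 0, -1):
        yield "/" + "/".join(parts[:depth])


def effective_permissions(group_path, grants=DIRECT_GRANTS):
    """Map each permission to the nearest group in the chain that grants it."""
    acquired = {}
    for group in ancestors(group_path):
        for perm in grants.get(group, ()):
            acquired.setdefault(perm, group)  # nearest grant is recorded as the source
    return acquired


def explain(group_path, grants=DIRECT_GRANTS):
    """Return sorted lines saying whether each permission is direct or inherited."""
    lines = []
    for perm, source in sorted(effective_permissions(group_path, grants).items()):
        how = "direct" if source == group_path else "inherited from " + source
        lines.append(f"{perm}: {how}")
    return lines


if __name__ == "__main__":
    for group in DIRECT_GRANTS:
        print(group)
        for line in explain(group):
            print("   ", line)
```

Running the same resolver over a group with no direct grants shows only what it inherits, which is a quick way to spot a child group that holds write access its parent never had.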