Granting or Removing Resource Permissions

Caution: Be sure to set permissions on resources and permissions on events appropriately for user groups.

Preventing users from viewing groups of resources does not necessarily prevent those same users from viewing event data on those resources.

Users with permissions to view certain events (determined by event filters as described here), can view all event fields for those particular events (in reports, query viewers, and so forth) even if they do not have permissions on some resources reflected in the event data.

For example, a user with no read permissions on an asset could still have permissions to view event data related to the asset, and thereby have access to the data contained in the event fields (such as server name, IP address) in the context of that event.

As a best practice, keep the above in mind when granting permissions on events. Otherwise, you might give some users a view into resource information through event data that you did not intend for them to see.

Where: Navigator > Resources > Users > user group

To grant permissions to resources:

  1. Right-click a user group and select Edit Access Control.

  2. In the ACL Editor, select the Resources tab.

    Available resources are listed based on user permissions, therefore the list of resources will not be the same for each group.

  3. Add or remove permissions on a resource for this user group as follows.

    • To edit permissions on a resource shown in the current list, click the (R) read or (W) write checkbox next to a target resource to add or remove permissions on that resource.

      A checkmark means that this user group has access to the associated resource. A blank checkbox means this group does not have access to the resource.

    • To add permissions for a resource not shown in the current list, select a resource from the Resource drop-down menu at the top of the Resources tab and click Add.

      The resource selector dialog for the chosen resource is displayed. Select the resources you want to add permissions for and click OK.

      The resource you added is listed as a target on the Resources tab and then you can edit its Read/Write permissions as needed.

    • To remove a resource from the list (and remove all permissions on it for this group), select the resource in the list and click Delete. (The Delete button is at the bottom of the Resources tab).

  4. Click OK on the User Group ACL Editor to save changes to Resources permissions.