Configuring permissions for an audit store

To configure audit store security, open the audit store’s Properties page and select the Security tab.

Only users who have the Change Permissions permission on the audit store can modify the user rights on the Security tab of the audit store’s Properties page.

The following table lists the rights that can be granted to Active Directory users or groups, and the operations that users granted those rights (“trustees”) are allowed to perform.

The audit store administrator by definition has all of these user rights (Full Control).

User Right Allowed Operations

Full Control

  • All of the operations listed in the following rows of this table

Change Permissions

  • Modify permissions on this audit store

Modify Name

  • Modify display name for this audit store

Manage Scopes

  • Add a subnet or Active Directory site
  • Remove a subnet or Active Directory site

Manage SQL Logins

  • Set the allowed incoming accounts for this audit store’s databases
  • Set the allowed incoming accounts for collectors

Manage Collectors

  • Enable collector trusted group for this audit store
  • Add collector to the trusted collector group in this audit store
  • Remove collector from the trusted collector group in this audit store
  • Remove disconnected collector record from this audit store

Manage Audited Systems

  • Enable audited computers trusted group for this audit store
  • Add audited computer to the trusted audited computer group in this audit store
  • Remove audited computer from the trusted audited computer list in this audit store
  • Remove disconnected audited computer record from this audit store

Manage Databases

  • Add audit store database to this audit store
  • Attach audit store database to this audit store
  • Detach an audit store database from this audit store
  • Change active database in this audit store
  • Modify the display name of a version 2 audit store database

Manage Database Trace

  • Enable or disable database trace
  • Export database trace