Configuring permissions for an audit store

To configure audit store security, open the audit store’s Properties page and select the Security tab.

Only users with Change Permission permission on the audit store are allowed to modify the user rights on the Security tab of the audit store’s Properties page.

The following table lists the rights that can be granted to active Directory users or groups, and the operations that the users granted such rights (“trustees”) are allowed to perform.

The audit store administrator by definition has all of these user rights (Full Control).

User Right	Allowed Operations
Full Control	All of the operations listed in the following rows of this table
Change Permissions	Modify permissions on this audit store
Modify Name	Modify display name for this audit store
Manage Scopes	Add a subnet or active Directory site Remove a subnet or active Directory site
Manage SQL Logins	Set the allowed incoming accounts for this audit store’s databases Set the allowed incoming accounts for collectors
Manage collectors	Enable collector trusted group for this audit store Add collector to the trusted collector group in this audit store Remove collector from the trusted collector group in this audit store Remove disconnected collector record from this audit store
Manage Audited Systems	Enable audited computers trusted group for this audit store Add audited computer to the trusted audited computer group in this audit store Remove audited computer from the trusted audited computer list in this audit store Remove disconnected audited computer record from this audit store
Manage Databases	Add audit store database to this audit store Attach audit store database to this audit store Detach an audit store database from this audit store Change active database in this audit store Modify the display name of a version 2 audit store database
Manage Database Trace	Enable or disable database trace Export database trace