Managing audit roles and auditors

Audit roles grant auditors access to search, replay, and delete specific audited sessions using the Audit Analyzer console. Each audit role identifies a set of audited sessions, the auditors who have access to those sessions, and what the auditors in that role are allowed to do.

You identify a set of sessions by specifying criteria you want to use, for example, all sessions from a particular audited computer, associated with a specific application, or recorded during a specific period of time.

You identify the auditors for a set of sessions by specifying individual Active Directory users or Active Directory groups of auditors. If you use Active Directory groups, you can manage the privileges for all of the members of the group using your existing procedures for managing Active Directory groups. You can also configure the type of access granted to each member of the audit role.

You create audit roles and assign users and groups to them using the Audit Manager console. To create an audit role, right-click the Audit Roles node. To add users and groups to an audit role, right-click the specific role name.

Every installation automatically has a Master Auditor role. The Master Auditor has access to all audit data and permission to read, replay, update the review status, and delete sessions for the entire installation. The Master Auditor can also create roles, assign users, set permissions, and delegate administrative tasks for all of the audit stores in the installation. You cannot rename, delete, or modify permissions for the Master Auditor, but you can assign other users and groups to the Master Auditor role.
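Because group-based role assignment and the Master Auditor role both hand audit privileges to whoever sits in an Active Directory group, a periodic review should flatten nested groups and list who can actually delete sessions. The following is an added example, not code from the product: it runs over a constructed export, and every group name, account name, the `update_review_status` label, and the "Finance Sessions" role are hypothetical.

```python
# Constructed data: group and account names are hypothetical placeholders.
GROUPS = {
    "SEC-Audit-Masters": ["alice", "SEC-Helpdesk-Leads"],
    "SEC-Helpdesk-Leads": ["bob", "SEC-Audit-Masters"],  # accidental nesting loop
    "SEC-Audit-Finance": ["carol", "bob"],
}
# Audit roles as described above: assigned principals plus allowed actions.
ROLES = {
    "Master Auditor": {"members": ["SEC-Audit-Masters"],
                       "rights": {"read", "replay", "update_review_status", "delete"}},
    "Finance Sessions": {"members": ["SEC-Audit-Finance", "dave"],
                         "rights": {"read", "replay"}},
}

def expand(principal, groups, seen=None):
    """Return the user accounts behind a user or a (possibly nested) group."""
    seen = set() if seen is None else seen
    if principal not in groups:
        return {principal}          # not a group, so treat it as a user
    if principal in seen:
        return set()                # already visited: breaks nesting loops
    seen.add(principal)
    users = set()
    for member in groups[principal]:
        users |= expand(member, groups, seen)
    return users

def effective_rights(roles, groups):
    """Map each user to {role name: rights} after flattening group membership."""
    result = {}
    for role, spec in roles.items():
        for principal in spec["members"]:
            for user in expand(principal, groups):
                result.setdefault(user, {})[role] = set(spec["rights"])
    return result

def unapproved_deleters(roles, groups, approved):
    """Users who can delete sessions through any role but are not approved."""
    rights = effective_rights(roles, groups)
    return sorted(u for u, held in rights.items()
                  if any("delete" in r for r in held.values()) and u not in approved)

if __name__ == "__main__":
    for user, held in sorted(effective_rights(ROLES, GROUPS).items()):
        print(user, {k: sorted(v) for k, v in held.items()})
    print("review:", unapproved_deleters(ROLES, GROUPS, approved={"alice"}))
```

Here `bob` inherits delete permission only through a nested group, which is the kind of indirect grant a review of direct role assignments alone would miss.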