Configuring permissions for the management database

If you are the Master Auditor or have Change Permission rights, you can modify the rights granted to Active Directory users or groups. When you enable rights for designated users and groups, you make them “trustees” with permission to perform specific operations.

To configure audit store security:

  1. Open Audit Manager.
  2. Select the installation name, right-click, then select Management Database.
  3. Click Properties.
  4. Click the Security tab.
  5. Click Add to add Active Directory users or groups to the list of trustees who granted any type of rights on this management database.
  6. Select a user or group listed, then select the appropriate rights for that trustee, then click OK.

    The following table lists the rights available.

    Select this permissionTo grant these rights to a trustee

    Full Control

    • All operations on the management database.

    Change Permissions

    • Modify permissions on the management database.

    Modify Name

    • Modify display name for this management database.

    Manage Scopes

    • Add a subnet or Active Directory site to the management database.
    • Remove a subnet or Active Directory site from the management database.

    Manage SQL Logins

    • Set the allowed incoming accounts for the management database. Database owner is by definition an allowed user.
    • Set the outgoing account for the management database.

    Remove Database

    • Remove this audit management database from the installation.

    Manage Database Trace

    • Enable or disable database trace.
    • Export database trace.