The Master Auditor can grant the Manage Audit Role permission for an installation to one or more audit team leaders. The Manage Audit Role permission grants full control over all of the audit roles in the installation. An audit team leader can then create new roles, change the permissions specific audit roles grant, add or remove members, and remove roles.
When creating an audit role, an audit team leader defines the following:
- Target session type and optional other criteria.
- A collection of rights on the target sessions: Read, Update Status, Replay, and Delete.
For example, an audit team leader might define the following audit roles to control what different team members can do:
- A role named Windows Session Viewer for first level reviewers with a target of Windows sessions and only the right to Read session information. The members of the First Review group who are assigned to the Windows Session Viewer audit role can read, but not delete, replay or update the status of Windows sessions in the installation.
- A role named Incident Escalation for security managers with a target of Windows sessions from the last 72 hours, and permission to Read, Replay, and Update Status for the targeted session. The members of the Security group who are assigned to the Incident Escalation audit role can read, replay, and update the review status of Windows sessions from the previous 72 hours, but not delete any of the sessions they have reviewed.