Can I delegate an Assistant Admin the ability to view and manage the Security log in Event Viewer us (NETIQKB6721)

  • 7706721
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

goal
Can I delegate an Assistant Admin the ability to view and manage the Security log in Event Viewer using Directory and Resource Administrator?

fact
Directory and Resource Administrator 6.x

fact
Directory and Resource Administrator 7.x

fix

Assistant Admins can launch 'Event Viewer' and view\manage the Security, Application or System logs through the Directory and Resource Administrator (DRA) console.  The Event Viewer is launched under the security context of the Assistant Admin's logged in account.  Once launched the Assistant Admin will be able to view or manage the logs based on the rights granted to the logged in account.  There are no powers or roles in DRA, which can be delegated to an Assistant Admin to allow the user to view the Security, Application or System logs. 

To delegate powers over the Security, Application or System logs using DRA the following workaround can be implemented:

  1. Create a group and assign the newly created group access to the 'Security' logs using Native tools.
  2. Create an 'ActiveView' and grant an Assistant Admin the ability to manage group membership for this newly created group.
  3. The Assistant Admin assigned to the ActiveView in step 2 will now be able to add\remove users from this newly created group using DRA.  Adding\Removing users from this group will control their access to the log, thus allowing Assistant Admins to manage and provide users access to the Security, Application and System logs.


Additional Information

Formerly known as NETIQKB6721