Creating custom user roles


EventLog Analyzer allows you to create custom user roles in addition to the default Admin, Operator, and Guest roles. Custom user roles enable you to have multiple user groups depending on the level of control and access that users need in EventLog Analyzer. Custom user roles help you adopt the principle of least privilege (POLP) while adding users and assigning roles to them.

Steps to create a Custom User Role

  1. In EventLog Analyzer, navigate to Settings → Admin Settings → Technicians and Roles.
  2. Click on the Manage Roles button.
  3. To create a new role, click on +Add New Role.
  4. In the Add New Role page, enter an appropriate role name in the Role Name section.
  5. Click on the Description link next to the Role Name field to enter a description for the role you want to create.
  6. You will see multiple tabs such as Home, Reports, Compliance, Correlation, Alerts, Settings, and Others. You can click on the checkbox provided for each of these tabs to allow the role to have all the permissions associated with the selected tabs. You can also navigate to each of these tabs individually and select the required permissions.
    • Under the Home tab, you can see two sections: Dashboard and View the Log Sources. In the Dashboard section, you can allow users to view, and create and manage the dashboard. In the View the Log Source section, you can assign permissions to view device, application, and file integrity monitoring logs. You can also click on the checkboxes next to the Dashboard and View the Log Sources section to select all the options present under them.
    • Under the Reports tab, you can specify if the user can view, schedule, and create reports by selecting the appropriate checkboxes. You can select all permissions associated with the Reports section by choosing General.
    • Similarly, under the Compliance tab, you can choose if the user can view, create, and schedule compliance reports. You can click on the General checkbox if you want the user to have all permissions related to the Compliance tab.
    • Under the Search tab, you can choose if you want to allow the user to perform search operations on the collected logs.
    • Under the Correlation tab, you can find the Correlation and Activity Monitoring sections. In the Correlation section, you can choose if you want the role to view correlation reports, schedule them, and create and manage correlation rules and custom correlation actions. In the Activity Monitoring section, you can choose if the role can view and schedule activity monitoring reports, and create and manage activity monitoring rules.
    • Under the Alerts tab, you can find three sections: Alerts, Incident Workflows, and Ticketingstrong> Tools. In the Alerts section, you can specify if you want the role to view generated alerts, and manage alert profiles and alert assigning rules by clicking on the appropriate checkbox. In the Incident Workflows section, you can select if the role can manage incident workflows. In the Ticketing Tools section, you can allow the role to configure ticketing tools.
    • Under the Settings tab, you can find three tabs on the left pane: Log Source Configuration, Admin Settings, and System Settings. The Log Source Configuration tab contains multiple sections -- in which you can choose if you want the user to have permissions to configure and manage devices, applications, databases, virtual machines, and the File Integrity Monitoring component. In the Admin tab, you can choose whether the user can configure and manage domains, workgroups, and agents. In the System Settings tab, you can specify the permissions for managing general and system settings.
    • home-reports

    • Under the Others section, you can specify if the user can view product support related information, supported log sources, and notifications.
  7. After choosing all the required permissions, click on Create to create the custom user role.

Steps to add a technician to a role

  1. In EventLog Analyzer, navigate to Settings → Admin Settings → Technicians and Roles.
  2. In the Technicians page, click on +Add Technician.
  3. Enter a name for the technician in the Technician Name field.
  4. Enter a new password and confirm it in the respective fields.
  5. Enter the email address of the technician in the Email field.
  6. In the Roles drop-down box, choose the role(s) you want to assign to the technician. You can assign more than one role to the technician and permissions of all the selected roles will be assigned to the technician.
  7. Select the required device group(s) from the Device Groups drop-down box and click on Add to assign a role to a technician.
  8. Steps to add a technician to a role

Viewing the created Custom User Role

In EventLog Analyzer, you can view all the default and custom user Roles by navigating to Settings → Admin Settings → Technician and Roles → Manage Roles. The role names, descriptions, and the number of technicians associated with each role will be displayed in a table. The Actions column of the table contains Click to Copy, Edit, and Delete icons to enable you to perform the required management actions. The Click to Copy option allows you to copy the permissions associated with an existing role to a new role -- which you can later edit as per your needs.

Viewing the created Custom User Role

Get download link