Events scoping and privileges to view incidents
search cancel

Events scoping and privileges to view incidents

book

Article ID: 211165

calendar_today

Updated On:

Products

Information Centric Analytics

Issue/Introduction

This article addresses the following conditions:

  1. A user with portal access to the Information Centric Analytics (ICA) console performs a search using the Global Search field for a specific DIM incident or event ID. No results are returned. A user with administrative privileges is able to successfully perform the same search and view the incident's or event's details.
  2. A dashboard widget based on an Analyzer view displays a different incident or event count for different portal users.

Environment

Release : 6.x

Component : Privileges

Cause

Portal user access to view DIM incidents and events (Authentication, Endpoint Protection, Web Activity) can be controlled by events scoping privileges assigned to users and roles. A portal user must have access to an incident's organization, country, and policy in order to view the incident. For example, if a user has access to view all organizations and all countries but only policy x, the user can only view DIM incidents generated by policy x.

Likewise, incident dashboards based on Analyzer views will return a count of only those incidents to which a portal user has sufficient privileges. 

Resolution

If a portal user is unable to view an incident that is otherwise available to an unrestricted or admin user, or if incident counts in dashboards differ between users, check the privileges for the affected portal user's account and role by navigating in the console to Admin > Privileges > Portal Users. Edit the user and navigate to the Events Scoping section of the Edit Portal User window. Compare the scoping enabled for the user under Organizations, Countries, and Policies to the organization, country, and policy or policies associated with the incident in question. After confirming these settings, navigate to the Portal Roles tab and review the same settings for any role currently assigned to the user.

Additional Information

For more information on events scoping and privileges, refer to the following section of the ICA Administrator Guide:

User and Role Configuration

https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/information-centric-analytics/6-6/Administrator-Guide/privileges/userRoleConfiguration2.html