Symantec Security Expressions Server User Manual
Page 25
Configure Servers
17
Item Rights
The Item Rights options, found on the Page Access page, let you list which Windows User Groups
are allowed to do the following:
Edit Private Items
Allow others to modify items that are normally exclusive to the user who created them, such
as My Machine Lists and scheduled tasks.
Miscellaneous Target
Usually, the View Audit Results setting for scopes and machine lists controls access to most
audit results, since most audits involve a scope or machine list. In the rare cases where 1) an
audit doesn't involve a scope (computer audited individually) and 2) the computer isn't part of
any machine list (whether or not a machine list was used in the audit), access to the audit
results are controlled with this setting instead. Users with this right can view results from
these kinds of audits.
Possible cases include the following, only when the computers audited don't belong to any
machine list:
• self-service audits
• instant audits performed in the console application's Audit tab, not using a machine
list
• audits activated through the Web-services layer not using a machine list (see the
SecurityExpressions Web Services API Guide for more information)
Remediate Miscellaneous Targets
Usually, the View Audit Results setting for scopes and machine lists controls access to most
audit results, and therefore remediation of audit results, since most audits involve a scope or
machine list. In the rare cases where 1) an audit doesn't involve a scope (computer audited
individually) and 2) the computer isn't part of any machine list (whether or not a machine list
was used in the audit), access to the audit results are controlled with this setting instead.
Users with this right can view results from these kinds of audits.
Possible cases include the following, only when the computers audited don't belong to any
machine list:
• self-service audits
• instant audits performed in the console application's Audit tab, not using a machine
list
• audits activated through the Web-services layer not using a machine list (see
SecurityExpressions Web Services API Guide
for more information)
Super User Access
Administrators of the product need to modify all configurable items (scopes, scheduled tasks,
etc.)and view audit results, whether or not they're listed in the Windows User Groups with
access to a configurable item or its audit results, and regardless of who owns private items
such as My Machine Lists and scheduled tasks. We recommend entering a Windows User
Group consisting of all product administrators here to ensure they're never locked out of audit
results, configurable items, and private items.
Global Machine List Access: User Roles