09-02-2011 1:25 PM
HI,
we'v just implemented SP5 fpr GRC10.0 and noticed that the Firefighter Controller can read all the activity logs from all the firefighter ID by Super User Management Reports, even if the FFID doesn't belong to him.
Does someone know how to restrict it, so that the FF Controller can just access the FF logs which belong to him?
Thanks a lot!
09-03-2011 5:53 PM
Hi,
I believe the purpose of the SPM reports, such as the Consolidated Log Report, is to allow an individual to gain a comprehensive view into all FF usage - not just that of a single FFID or single FF session.
Personally, I think it is helpful to allow controllers to review activity across many different FFs or sessions, but if you have a specific requirement to limit controllers to only seeing their own FF ID logs (maybe a sensitive data concern coming from another FF ID?), I don't believe you will be able to acheive this by restricting the SPM reports.
As far as I can tell, there are not authorizations or other options to limit the results of this report to your FF IDs only.
By restricting the GRAC_REP authorization object and the GRAC_REPID field, you could choose to take away access to this report(s) and then the controller's couldn't view this data. You could then have them rely on the emailed/workflow driven reports only for their review which would be just a single FFID session.
09-05-2011 1:26 PM
Hi TDCumm16 ,
thank you for your answer, it is very helpful.
I think you are right, we have to go around with the FF Logs Report, if we want to restrict the view of the controllers.