|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
|Issue||In the Security Console the summary of a custom Administrative Role Logging is showing as an Administrative Task and there is no option to edit the permissions when editing the Administrative Role. That can be seen as a security flaw allowing some admins to access a task that they aren't supposed to access. |
|Cause||The affected customer Administrative Role was created in an older version of Authentication Manager (6.x, 7.x) and the configuration was carried over with the migration to 8.x. However, the Logging Administrative Task is not an option so the Logging permission cannot be edited in 8.x.|
|Resolution||In Authentication Manager 8.x, logging permissions are only available for users with super admin role, so even if the user is assigned an administrative role that is showing logging permissions, they will not be able to access to change Llogging configuration in the Security Console under Setup > System Settings > Logging. |
That being said, this can be ignored safely. The issue is just cosmetic and does not affect normal operations. If logging permissions must be removed from the administrative role, delete the admin role and recreate it via Administration > Administrative Roles > Add New. As the new administrative role is created in Authentication Manager 8.x logging will not be an option at all and will not appear in the summary of Administrative Tasks.