000037859 - Administrative Task "Logging" showing in Administrative Role summary and cannot be removed from RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Aug 30, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037859
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager 
RSA Version/Condition: 8.x
Platform: SUSE
IssueIn the Security Console the summary of a custom Administrative Role Logging is showing as an Administrative Task and there is no option to edit the permissions when editing the Administrative Role. That can be seen as a security flaw allowing some admins to access a task that they aren't supposed to access. 
User-added image
CauseThe affected customer Administrative Role was created in an older version of Authentication Manager (6.x, 7.x) and the configuration was carried over with the migration to 8.x.  However, the Logging Administrative Task is not an option so the Logging permission cannot be edited in 8.x.
ResolutionIn Authentication Manager 8.x, logging permissions are only available for users with super admin role, so even if the user is assigned an administrative role that is showing logging permissions, they will not be able to access to change Llogging configuration in the Security Console under Setup > System Settings > Logging

That being said, this can be ignored safely. The issue is just cosmetic and does not affect normal operations. If logging permissions must be removed from the administrative role, delete the admin role and recreate it via Administration > Administrative Roles > Add New. As the new administrative role is created in Authentication Manager 8.x logging will not be an option at all and will not appear in the summary of Administrative Tasks.