Administrative Task "Logging" showing in Administrative Role summary and cannot be removed from RSA Authentication Manager 8.x
2 years ago
Originally Published: 2019-08-22
Article Number
000041217
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager 
RSA Version/Condition: 8.x
Platform: SUSE
Issue
In the Security Console the summary of a custom Administrative Role Logging is showing as an Administrative Task and there is no option to edit the permissions when editing the Administrative Role. That can be seen as a security flaw allowing some admins to access a task that they aren't supposed to access. 
 
User-added image
Cause
The affected customer Administrative Role was created in an older version of Authentication Manager (6.x, 7.x) and the configuration was carried over with the migration to 8.x.  However, the Logging Administrative Task is not an option so the Logging permission cannot be edited in 8.x.
Resolution
In Authentication Manager 8.x, logging permissions are only available for users with super admin role, so even if the user is assigned an administrative role that is showing logging permissions, they will not be able to access to change Llogging configuration in the Security Console under Setup > System Settings > Logging

That being said, this can be ignored safely. The issue is just cosmetic and does not affect normal operations. If logging permissions must be removed from the administrative role, delete the admin role and recreate it via Administration > Administrative Roles > Add New. As the new administrative role is created in Authentication Manager 8.x logging will not be an option at all and will not appear in the summary of Administrative Tasks. 
Don't see what you're looking for?