Filter Activity Monitor Events Based on Administrator Scope of Authorization

You can filter Authentication Activity Monitor events based on administrator scope of authorization. Administrators with restricted scope permissions, such as Help Desk Administrators, are able to view only those events that are within the scoped security domain of the administrator.

Procedure 

1. Log on to the appliance using an SSH client.

2. Change directories:

   cd /opt/rsa/am/utils

3. Run one of the following commands:

   • To restrict logging to the scoped security domain of the Security Console administrator, type the following, and then press ENTER:

     ./rsautil store -a add_config auth_manager.activity_monitor.scope_security_domain true GLOBAL 500

   • To undo the change, type the following, and then press ENTER:

     ./rsautil store -a update_config auth_manager.activity_monitor.scope_security_domain false GLOBAL 500

4. When prompted, enter your Operations Console administrator User ID, and press ENTER.

5. When prompted, enter your Operations Console administrator password, and press ENTER.

6. Restart all AM services on the primary instance and each replica instance:

   cd /opt/rsa/am/server

   ./rsaserv restart all