cancel
Showing results for 
Search instead for 
Did you mean: 

Need New User Role - Separation of Duties for Better Security and Operation Management (case #526663)

Need New User Role - Separation of Duties for Better Security and Operation Management (case #526663)

Hello!

Currently Security Engineers/Administrators are usually assigned with LEM Administrator role and responsible for creating and managing those security /correlation rules. LEM Administrator role has the power to create LEM rules with actions like Shutting down or restarting servers. This generates a big issue, actually a show stopper at implementation. Shutting down or restarting servers are really System Administrator's duty, not Security Administrator's. With FISMA, PCI compliance and SANS top 20 security controls, separation of duties is a must requirement. Think if you were Windows Admin who is responsible for Windows Domain controller, you wouldn’t want to be called midnight because a LEM Security Admin's rule that shut down his domain controller.

Thanks,

Lucy

1 Comment
agusst
Level 11

I've seen a couple requests like this....I'll just add, it would be nice to either be able to create, copy, or modify existing roles....as stated, we have some junior level admins that we want to limit their ability to do some things and not others....the choices available don't fit what we need.