So I created a couple test users in my lab, an Auditor role and a Monitor role. Using the "Rules" section as an example, this is what the Monitor user has:
And if I log in as that user and try to access the Rules, I can't:
So then I logged in as the Auditor user, which has these permissions:
I can access rules, but I can't make changes to the rules or their states:
The "Audit" permission is basically just flagging that any access (or changes, if allowed) by that user will be audited with InternalAuditSuccess (or rarely, Failure) events in LEM.
Modify / Access are the actual "permissions" that dictate whether a change can be made.
Here's the role summary from the user guide:
- Administrators are users who have full access to the system, and can view and modify everything.
- Auditors are users who have extensive view rights to the system, but cannot modify anything other than their own filters.
- Monitors are users who can access the Console, but cannot view or modify anything, and must be provided a set of filters.
- Contacts are users who cannot access the Console, but do receive external notification.
- Guests are users who have extensive view rights to the system, but cannot modify anything other than their own filters.
My guess is that you and your co-admin should be administrator users and others should be auditor users (can see everything but can't make configuration changes).