When exposing the operational components of Risk Spotter to Security analysts you are unable to protect the Risk Spotter configuration from being modified. Specifically under "Policy and Related Modules", "Dynamic Auditing".
The most restricted user is able to see the configuration items. With respect to Dynamic Auditing a restricted user is able to access the Dynamic Auditing configuration screen, select, modify and save the Dynamic Monitoring policy.
The only option the restricted user has is NONE. The user can set the policy to NONE and save it. Effectively disabling dynamic monitoring.
We would like to enable Analysts to utilize the operational features of Risk Spotter without unnecessary access to any of the Risk Spotter configuration.
Do not place IBM confidential, company confidential, or personal information into any field.