Lock down security administration (optional)

To protect investigations and keep security incidents private, you can restrict Security Incident Response access to security-specific roles and ACLs. Administrators without a security role are then denied access unless you expressly grant it to them.

Before you begin

When the Security Incident Response application is activated, the System Administrator user is granted the sn_si.admin role by default. The System Administrator is the only administrator who can set up security groups and users.

A security role is required to have access to Security Incident Response features and records.

Role required: sn_si.admin

Procedure

  1. After the Security Incident Response plugin has been activated, a user with the admin role assigns the Security Admin (sn_si.admin) role to at least one user.
  2. The user with the admin role changes to the Security Incident scope.
  3. Navigate to System Applications > Applications.
  4. Click Downloads.
  5. Type security in the Search applications field.
  6. Click Security Incident.
  7. Scroll down to the Related Links and click Remove from the role contained by admin.
  8. Log out and log back in.
    The admin user can no longer access the Security Incident Response application.
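
To confirm the result of the procedure, you can audit who effectively holds sn_si.admin once role containment is expanded. The following is an added example, not ServiceNow code: it works on constructed rows, and the record shape, the user names and the demo.delegated_admin role are assumptions made for illustration.

```javascript
// Constructed sample data (not exported from a real instance). Only the role
// names admin and sn_si.admin come from the page; the rest is hypothetical.
// A containment row means: holding `role` also grants `contains`.
const containsBefore = [
  { role: 'admin', contains: 'sn_si.admin' },
  { role: 'demo.delegated_admin', contains: 'admin' }, // hypothetical role
];
// State after step 7: admin no longer contains sn_si.admin.
const containsAfter = containsBefore.filter(
  (row) => !(row.role === 'admin' && row.contains === 'sn_si.admin')
);
// Direct role grants. sec.lead received sn_si.admin in step 1.
const grants = [
  { user: 'ops.admin', role: 'admin' },
  { user: 'helpdesk.lead', role: 'demo.delegated_admin' },
  { user: 'sec.lead', role: 'sn_si.admin' },
];

// Expand a set of directly granted roles through the containment graph.
function effectiveRoles(directRoles, containment) {
  const seen = new Set(directRoles);
  const queue = [...directRoles];
  while (queue.length > 0) {
    const current = queue.shift();
    for (const row of containment) {
      if (row.role === current && !seen.has(row.contains)) {
        seen.add(row.contains); // the seen-set also guards against cycles
        queue.push(row.contains);
      }
    }
  }
  return seen;
}

// List every user who effectively holds `target`, and whether it is direct.
function holdersOf(target, grants, containment) {
  const direct = new Map();
  for (const g of grants) {
    direct.set(g.user, (direct.get(g.user) || new Set()).add(g.role));
  }
  const holders = [];
  for (const [user, roles] of direct) {
    if (effectiveRoles(roles, containment).has(target)) {
      holders.push({ user, via: roles.has(target) ? 'direct' : 'inherited' });
    }
  }
  return holders.sort((a, b) => a.user.localeCompare(b.user));
}
console.log(holdersOf('sn_si.admin', grants, containsBefore), holdersOf('sn_si.admin', grants, containsAfter));
```

Any user reported as inherited after the lockdown still reaches sn_si.admin through another role and needs review.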