
IBM Tivoli Monitoring, Version 6.3 Fix Pack 2


Authorization policy auditing

The Authorization Policy Server generates audit messages when a user executes one of the following tivcmd CLI commands that modify authorization policies: addtorole, copyrole, createrole, deleterole, exclude, grant, removefromrole, and revoke. An audit message is also generated if a user attempts to execute a tivcmd command that they are not authorized to use. For example, an audit message is generated if a user executes the tivcmd createrole command but is not assigned to a role with permission to create roles.

The audit messages use the IBM Tivoli Monitoring audit record format and are written to audit log files on the computer where the Authorization Policy Server is installed. The default location is <JazzSM_install_dir>/AuthPolicyServer/PolicyServer/audit. During installation of the Authorization Policy Server, you can customize the location of the audit log file directory, the maximum size of the audit log files, and the maximum number of audit log files to keep at one time. After installation, you can change these parameters by following the instructions in Change the Authorization Policy Server configuration properties after installation and configuration. Because the Authorization Policy Server is not associated with a monitoring agent, its audit messages cannot be viewed from the Tivoli Enterprise Portal or saved in the Tivoli Data Warehouse. Additionally, you cannot write situations against the audit messages. Instead, you must display the audit log files if you want to view the audit messages.

Audit messages for authorization policy enforcement are generated by the dashboard data provider component of the Tivoli Enterprise Portal Server. The dashboard data provider generates an audit message if a user requests attribute group data or situation events for a managed system group or managed system that they do not have view permission for. Audit messages are also generated when authorization policies are downloaded from the Authorization Policy Server and when the policies cannot be retrieved. Since the dashboard data provider is a component of the portal server managed system, these audit messages can be viewed from the Tivoli Enterprise Portal client and saved to the Tivoli Data Warehouse.

For more details on auditing, including how to view audit messages for the portal server and the audit record format, see Audit logging.

