Go Up
You are here: AdministrationRole-Based Access and Delegation

Role-Based Access and Delegation

Security and awareness of who has access to what is crucial for every organization. Besides notifying you on who changed what, when and where, and who has access to what in your IT infrastructure, Netwrix pays attention to safety of its own configuration and collected data.

To keep the monitoring process secure, Netwrix suggests configuring role-based access. Delegating control ensures that only appropriate users can modify the product configuration or view audit data, based on your company policies and the user's job responsibilities.

Roles are described briefly in the table below and explained in the further detail in the next topic.

Role Access level Recommended use

Global administrator

Full control. Access to global settings, monitoring plan configuration, collected data, access delegation, etc.

The role should be assigned to a very limited number of employees—typically, only the owner of the Netwrix Auditor Server host in your environment.

By default, the user who installed Netwrix Auditor is assigned the Global administrator role. All members of the local Administrators group are Global administrators too.

Configurator

Access to monitoring plan configuration within the delegated scope: a monitoring plan or a folder with monitoring plans

The role is appropriate for system administrators, infrastructure engineers, and members of operations team who manage network and services in your organization but should not have access to sensitive data.

Global reviewer

Access to all data collected by Netwrix Auditor and intelligence and visibility features.

The role is appropriate for key employees who need to review audit data collected across various data sources—typically, IT managers, chief information security officer, and so on.

Reviewer

Access to data collected by Netwrix Auditor and intelligence and visibility features within the delegated scope.

The role is appropriate for members of security team and helpdesk personnel who are responsible for mitigating risks in a certain sector of your environment (e.g., domain, file share).

This role is granted to specialists who use Netwrix Auditor Integration API to retrieve data from the Audit Database.

Contributor Write access to Netwrix Auditor Server and Audit Database.

This service role is granted to specialists who use Netwrix Auditor Integration API to write data to the Audit Database. This role is also granted to service accounts or any accounts used for interaction with Netwrix Auditor Server (e.g., add-on scripts).

Go Up