Controlling access to the log data


As an administrator, leverage BMC Helix Log Analytics to restrict user access to specific data by using data-level access control.

The following video (2:00) provides an overview of data-level access control.


https://youtu.be/Jl4U41-QQ9s?si=03orUb07j0ekgj0r


Log events are generated in BMC Helix Operations Management when the collection policy and the alert policy are aligned, meaning that the same user group is assigned to both. This alignment ensures consistent data handling and accurate correlation between logs and alerts for efficient event management.

  • Collection policy: Determines which logs are gathered from your applications.
  • Alert policy: Defines the conditions that trigger alerts based on the collected log data.


Benefits of using data-level access control

You can enhance security by ensuring that policies and data are accessible only to authorized users and user groups.


Scenario: Apex Global achieves data security

Tina is a tenant administrator at Apex Global. The company uses BMC Helix Log Analytics to collect and analyze logs. Apex Global has implemented data-level access control to manage access to the data based on user groups.

Tina has created the following policies:

  • Collection policy 1
  • Collection policy 2
  • Alert policy 1
  • Alert policy 2

Let's see how data-level access control works for Jane and Otto, two operators at Apex Global.

Jane: Service operator

Jane is a member of the Service operators user group, which is linked to Collection policy 1 and Alert policy 1 in BMC Helix Log Analytics.

When Collection policy 1 runs, logs are generated in BMC Helix Log Analytics. You can see the logs on the Explorer page.

When Alert policy 1 runs, log events are generated in BMC Helix Operations Management. You can see the events on the Events page.

Otto: IT operator

Otto is a member of the IT operators user group, which is linked to Collection policy 1 and Alert policy 2 in BMC Helix Log Analytics.

When Collection policy 1 runs, logs are generated in BMC Helix Log Analytics. You can see the logs on the Explorer page.

When Alert policy 2 runs, log events are not generated in BMC Helix Operations Management, because the IT operators user group is not linked to Collection policy 2.


Workflow for implementing data security

The following table provides information about the steps involved in implementing data-level access for logs:

| Task | Role | Action | Reference |
|------|------|--------|-----------|
| 1 | Administrator | Configure a collection policy with an assigned user group. | |
| 2 | Administrator | Configure an alert policy with an assigned user group. | |


Results

Log events are generated in BMC Helix Operations Management if you select the same user group in the collection and alert policies.
