Controlling access to the log data


As an administrator, leverage BMC Helix Log Analytics to restrict user access to specific data by using data-level access control.

The following video (2:00) provides an overview of data-level access control.

https://youtu.be/Jl4U41-QQ9s?si=03orUb07j0ekgj0r

Log events are generated in BMC Helix Operations Management when the collection and alert policies are aligned. Assigning the same user group to both policies ensures consistent data handling and accurate correlation between logs and alerts for efficient event management.

Benefits of using data-level access control

You can enhance security by ensuring policies and data are accessible only to authorized users and user groups.

Scenario: Apex Global achieves data security

Tina is a tenant administrator at Apex Global. The company uses BMC Helix Log Analytics to collect and analyze logs. Apex Global has implemented data-level access control to manage access to the data based on user groups.

BMC Helix Log Analytics policies define how user groups collect, analyze, and access data. Tina uses collection and alert policies to control access to the data.

  • Collection policies: Define which logs are collected from the applications and which user groups can access them.
  • Alert policies: Define the conditions that trigger alerts based on the collected log data and who can view them.

Tina has created the following policies:

  • Collection policy 1
    Tina uses Collection policy 1 to collect logs from application servers and assigns them to the Service operator's user group.
  • Collection policy 2
    Tina uses Collection policy 2 to collect logs from database servers and assigns them to the IT operator's user group.
  • Alert policy 1
    Triggers alerts for application server errors and assigns them to the Service operator's user group.
  • Alert policy 2
    Triggers alerts for database server issues and assigns them to the IT operator's user group.

Let's see how data-level access control works for Jane and Otto, two operators at Apex Global.

BMC Helix Operations Management uses authorization profiles to control access to log events. By assigning appropriate roles and authorization profiles, Jane and Otto can view the events relevant to their responsibilities.

For more information about setting up access control in BMC Helix Operations Management, see Setting up access control.

Jane: Service operator

Jane is a member of the Service operator's user group, which is associated with Collection policy 1 and Alert policy 1 in BMC Helix Log Analytics.

Jane is associated with the Service operator authorization profile in BMC Helix Operations Management and can see events generated by Alert policy 1 for application events.

When Collection policy 1 runs, logs from application servers are collected in BMC Helix Log Analytics. Jane can see the logs on the Explorer page.

When Alert policy 1 runs, application server errors generate events in BMC Helix Operations Management. Jane can see the events on the Events page.

Important

Jane cannot access logs from the database servers and database server alerts because she is not part of the IT operator's user group.

Otto: IT operator

Otto is a member of the IT operator's user group, which is associated with Collection policy 2 and Alert policy 2 in BMC Helix Log Analytics.

Otto is associated with the IT operator authorization profile in BMC Helix Operations Management and can see events generated by Alert policy 2 for database events.

When Collection policy 2 runs, logs from database servers are collected in BMC Helix Log Analytics. Otto can see the logs on the Explorer page.

When Alert policy 2 runs, database server errors generate events in BMC Helix Operations Management. Otto can see the events on the Events page.

Important

Otto cannot access logs from application servers and application server alerts because he is not part of the Service operator's user group.

Workflow for implementing data security

The following table provides information about the steps involved in implementing data-level access for logs:

Task   Role            Action                                                       Reference
1      Administrator   Configure a collection policy with an assigned user group.
2      Administrator   Configure an alert policy with an assigned user group.

Results

Log events are generated in BMC Helix Operations Management if you select the same user group in the collection and alert policies.

Jane only sees data from Collection policy 1 and Alert policy 1, while Otto only sees data from Collection policy 2 and Alert policy 2.
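
The following Python example is added here and is not part of the BMC documentation or product: it models the Apex Global scenario and audits policy assignments for user-group mismatches. The Policy record, the group names, and the rule that a collection policy and an alert policy are paired by data source are assumptions made for illustration, not a BMC Helix API or export format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    kind: str        # "collection" or "alert"
    source: str      # data source the policy covers (assumed pairing key)
    user_group: str  # user group assigned to the policy

# Constructed model of the Apex Global scenario; not a BMC export format.
POLICIES = [
    Policy("Collection policy 1", "collection", "application servers", "Service operator"),
    Policy("Collection policy 2", "collection", "database servers", "IT operator"),
    Policy("Alert policy 1", "alert", "application servers", "Service operator"),
    Policy("Alert policy 2", "alert", "database servers", "IT operator"),
]
MEMBERSHIP = {"Jane": {"Service operator"}, "Otto": {"IT operator"}}

def visible_policies(user, policies=POLICIES, membership=MEMBERSHIP):
    """Names of policies whose data the user can see; unknown users see nothing."""
    groups = membership.get(user, set())
    return sorted(p.name for p in policies if p.user_group in groups)

def misaligned_alert_policies(policies):
    """Alert policies with no collection policy for the same source and user group.

    Assumption: such a policy generates no log events for its group."""
    collected = {(p.source, p.user_group) for p in policies if p.kind == "collection"}
    return sorted(p.name for p in policies
                  if p.kind == "alert" and (p.source, p.user_group) not in collected)

def cross_group_sources(policies):
    """Sources whose collection and alert policies are assigned to different groups."""
    by_source = {}
    for p in policies:
        by_source.setdefault(p.source, set()).add(p.user_group)
    return sorted(s for s, groups in by_source.items() if len(groups) > 1)

if __name__ == "__main__":
    for user in MEMBERSHIP:
        print(user, "->", visible_policies(user))
    # Constructed misconfiguration: database alerts assigned to the wrong group.
    drifted = POLICIES[:3] + [
        Policy("Alert policy 2", "alert", "database servers", "Service operator")]
    print("misaligned:", misaligned_alert_policies(drifted))
    print("cross-group sources:", cross_group_sources(drifted))
```

In the constructed misconfiguration, Alert policy 2 is flagged because its user group no longer matches Collection policy 2, and the same drift would place database alerts in Jane's view.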

 
