Restricting log activity capabilities for tenant users

To ensure that the tenant administrator and users can view the log data for only their tenant, you must restrict the permissions for the Log Activity capability.

About this task

When you add the Log Activity capability to a user role, the Maintain Custom Rules and View Custom Rules permissions are automatically granted. Users who have these permissions have access to all log data for all domains. They can edit rules in all domains, even if their security profile settings have domain-level restrictions.

To prevent users from being able to access log data and modify rules in other domains or tenants, edit the user role and remove the Maintain Custom Rules and View Custom Rules permissions. Without these permissions, the tenant administrator and users cannot change rules, including those rules in their own domain.

Procedure

  1. On the navigation menu ( Navigation menu icon ), click Admin.
  2. In the System Configuration section, click User Roles and select the user role that you want to edit.
  3. Under Log Activity, clear the Maintain Custom Rules and View Custom Rules check boxes.
  4. Click Save.