By default, Security Analytics limits access to reports, rules, alerts and charts to the group of the user who created them. This means that when a report, rule, alert or chart is created, only the group of the user who created it can see it. Because of this design decision, the Administrator Role does not have access to these items unless the user creating them specifically sets access for the Administrator Role.
In 10.4.0.x and below, the only way for the Administrator Role to access all reports, rules, alerts and charts that were not created by the Administrator Role is the following:
1. Go to Security under Administration >> System.
2. Under Users, select an account that needs access to all content, such as admin, and click the Edit button.
3. In the Roles tab, click plus (+) and add all user roles. This gives the user access to all content created in the Reporting Engine.
4. Log in with the modified user account.
In 10.4.1 the following functionality was added to make administration of the Security Analytics Reporting Engine easier. To add the Administrator Role to all reports, rules, alerts and charts, perform the following steps in the Security Analytics UI:
1. From Administration >> Services, select the Reporting Engine, then select View >> Explore from the gear icon on the right.
2. In the left-hand pane, expand com.rsa.soc.re >> Configuration >> AdminAccessConfig, then select adminAccessConfig.
3. In the right-hand pane, click the AllowFullAccessToAdministrators text box (the default for this setting is false) and type true.
4. Click elsewhere on the screen or press Enter to save the change.