Assigning Rules to User Lists

User Lists enhance alert rule operations by enabling you to assign rules to Lists of users, such as Privileged Users, Everyday Users, Remote Vendors, Terminated Employees, Users in a Watch-List, Executives, Developers & DevOps.

Privileged Users and Everyday Users lists are prepopulated based on common Active Directory groups. These lists can be modified, and other lists can be easily created or populated by assigning them individual users or Active Directory groups.

ITM On-Prem (ObserveIT) also provides an external API Web Service for customizing and managing Lists outside of the Web Console.

For details, see Implementing Lists in ObserveIT.

Lists cannot be used for configuring and operating prevent rules; prevent rules configuration is based on specific content (Items) only.

This topic describes how to:

  • View all the alert rules that are assigned to a specific User List.

  • Assign additional alert rules to a specific User List.

You can view and manage all the rules assigned to specific User Lists from the Manage rules assigned to drop-down list at the top of the Alert & Prevent Rules page.

The options in the list enable you to Show all rules, view rules assigned to All Users, a specific Users type List (for example, Everyday Users), or None (when no specific Users list is selected). For details, see Viewing Rules and Their Assignments.

When a specific Users list or All Users is selected from the Manage rules assigned to drop-down list, two additional buttons are displayed in the Alert & Prevent Rules page:

Button: Description

Unassign: This button is enabled when one or more rules are selected. It allows you to unassign selected rules from the selected Users list.

Note that after clicking Unassign:

  • If the selected rules were previously assigned to a single user or to All Users, you will need to confirm that you want to unassign them from the selected Users List. Clicking Unassign inactivates these rules.
  • If the selected rules were assigned to more than one Users List, you will need to confirm the unassignment from the selected Users List.

Existing Rules: This button is enabled only when a specific Users type list is selected. It allows you to assign other rules in the system or from other Lists to the selected Users list.

Viewing the Rules Assigned to a User List

To view alert rules that are currently assigned to a User List

  • From the Manage rules assigned to drop-down list in the Alert & Prevent Rules page, select the required User List (for example, Termination List).

    The table is updated to display the rules (within their categories) that are currently assigned to the selected User List.

  • Note that the Existing Rules and Unassign buttons are now displayed.

  • If a rule is assigned to more than one User List, a hyperlink displays the number of lists. Clicking the link opens a popup in which you can see the assigned User Lists with a color-coded bar indication of their risk level.

Assigning Additional Rules to a User List

ITM On-Prem (ObserveIT) enables you to see all rules in the system that might be assigned to other User Lists, and select any that you want to include in the selected User List. For each rule that you want to include, you can specify the required risk level (Critical, High, Medium, or Low).

To assign additional alert rules to a selected User List

  1. In the above example (Termination List Users list type), click Existing Rules.

    A popup window opens, listing all rules in the system, including those assigned to other User Lists.

  2. To filter the display to show only rules that contain a specific name, description, or condition, enter the required text in the Search by field, and click Show. To clear the filter field, click Reset.

  3. Select each rule that you want to add, select the risk level that you want to apply to the rule from the Risk Level drop-down list, and click Add.

  4. If you select a category, all the rules associated with the category will be added. In order to change the risk level of these rules individually, you can edit the rule from the Manage Alert & Prevent Rules page. For details, see Defining Rule Details.
  5. Note the following:

    • Only categories that contain rules can be selected.

    • You can expand a category in order to display its rules by clicking the icon.

    • You can open all the rules in all categories at once by clicking the Expand All Categories icon. (If the total number of rules for all expanded categories exceeds a predefined number, you cannot open them all at once.)