The administrator sets up auditing for the default configuration. You might want all users and administrators to be audited according to the system-wide audit flags you specified in the audit_control file. To fine-tune auditing for individual users, you modify the users' entries in the audit_user file. See the audit_control(4) and audit_user(4) man pages. You can also choose to add audit flags to users' entries at the time you add new users, and you should probably set up auditing for the new user just after you unlock the account and configure the security attributes for that user.