Cisco Cisco Email Security Appliance C650 Guía Del Usuario
28-10
Cisco AsyncOS 8.0 for Email User Guide
Chapter 28 Distributing Administrative Tasks
Managing Custom User Roles for Delegated Administration
Mail Policies and Content Filters
The Mail Policies and Content Filters access privileges define a delegated administrator’s level of access
to the incoming and outgoing mail policies and content filters on the Email Security appliance. You can
assign specific mail policies and content filters to a custom user role, allowing only the delegated
administrators belonging to this role, along with operators and administrators, to manage the mail
policies and content filters.
to the incoming and outgoing mail policies and content filters on the Email Security appliance. You can
assign specific mail policies and content filters to a custom user role, allowing only the delegated
administrators belonging to this role, along with operators and administrators, to manage the mail
policies and content filters.
All delegated administrators with this access privilege can view the default incoming and outgoing mail
policies but they can only edit these policies if they have full access.
policies but they can only edit these policies if they have full access.
All delegated administrators with access privileges can create new content filters to use with their mail
policies. A content filter created by a delegated administrator is available to the other delegated
administrators assigned to the custom user role. Content filters that are not assigned to any custom user
role are public and can be viewed by all delegated administrators with the mail policy access privilege.
Content filters created by operators and administrators are public by default. Delegated administrators
can enable or disable any existing content filters on mail policies assigned to their custom user role, but
they cannot modify or delete public content filters.
policies. A content filter created by a delegated administrator is available to the other delegated
administrators assigned to the custom user role. Content filters that are not assigned to any custom user
role are public and can be viewed by all delegated administrators with the mail policy access privilege.
Content filters created by operators and administrators are public by default. Delegated administrators
can enable or disable any existing content filters on mail policies assigned to their custom user role, but
they cannot modify or delete public content filters.
If a delegated administrator deletes a content filter used by mail policies other than their own, or if the
content filter is assigned to other custom user roles, AsyncOS does not delete the content filter from the
system. AsyncOS instead unlinks the content filter from the custom user role and removes it from the
delegated administrator’s mail policies. The content filter remains available to other custom user roles
and mail policies.
content filter is assigned to other custom user roles, AsyncOS does not delete the content filter from the
system. AsyncOS instead unlinks the content filter from the custom user role and removes it from the
delegated administrator’s mail policies. The content filter remains available to other custom user roles
and mail policies.
Delegated administrators can use any text resource or dictionary in their content filters, but they cannot
access the Text Resources or Dictionaries pages in the GUI to view or modify them. Delegated
administrators also cannot create new text resources or dictionaries.
access the Text Resources or Dictionaries pages in the GUI to view or modify them. Delegated
administrators also cannot create new text resources or dictionaries.
For outgoing mail policies, delegated administrators can enable or disable DLP policies but they cannot
customize the DLP settings unless they also have DLP policy privileges.
customize the DLP settings unless they also have DLP policy privileges.
You can assign one of the following access levels for mail policies and content filters to a custom user
role:
role:
•
No access: Delegated administrators cannot view or edit mail policies and content filters on the
Email Security appliance.
Email Security appliance.
•
View assigned, edit assigned: Delegated administrators can view and edit the mail policies and
content filters assigned to the custom user role and create new content filters. Delegated
administrators can edit a policy’s Anti-Spam, Anti-Virus, and Outbreak Filters settings. They can
enable their content filters for the policy, as well as disable any existing content filter assigned to
the policy, regardless of whether they are responsible for it. Delegated administrators cannot modify
a mail policy’s name or its senders, recipients, or groups. Delegated administrators can modify the
order of the content filters for mail policies assigned to their custom user role.
content filters assigned to the custom user role and create new content filters. Delegated
administrators can edit a policy’s Anti-Spam, Anti-Virus, and Outbreak Filters settings. They can
enable their content filters for the policy, as well as disable any existing content filter assigned to
the policy, regardless of whether they are responsible for it. Delegated administrators cannot modify
a mail policy’s name or its senders, recipients, or groups. Delegated administrators can modify the
order of the content filters for mail policies assigned to their custom user role.
•
View all, edit assigned: Delegated administrators can view all mail policies and content filters on
the appliance, but they can only edit the ones assigned to the custom user role.
the appliance, but they can only edit the ones assigned to the custom user role.
View all, edit all (full access): Delegated administrators have full access to all of the mail policies and
content filters on the appliance, including the default mail policies, and have the ability to create new
mail policies. Delegated administrators can modify the senders, recipients, and groups of all mail
policies. They can also reorder mail policies.
content filters on the appliance, including the default mail policies, and have the ability to create new
mail policies. Delegated administrators can modify the senders, recipients, and groups of all mail
policies. They can also reorder mail policies.
You can assign individual mail policies and content filters to the custom user role using either the Email
Security Manager or the Custom User Roles for Delegated Administration table on the User Roles page.
Security Manager or the Custom User Roles for Delegated Administration table on the User Roles page.
for information on using the Custom
User Roles for Delegated Administration table to assign mail policies and content filters.