Cisco Cisco Email Security Appliance C650 Guía Del Usuario
28-11
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 28 Distributing Administrative Tasks
Managing Custom User Roles for Delegated Administration
DLP Policies
The DLP Policies access privileges define a delegated administrator’s level of access to the DLP policies
via the DLP Policy Manager on the Email Security appliance. You can assign DLP policies to specific
custom user roles, allowing delegated administrators, in addition to operators and administrators, to
manage these policies. Delegated administrators with DLP access can also export DLP configuration
files from the Data Loss Prevention Global Settings page. Only administrators and operators can change
the mode of DLP used from RSA Email DLP to RSA Enterprise Manager, and vise versa.
via the DLP Policy Manager on the Email Security appliance. You can assign DLP policies to specific
custom user roles, allowing delegated administrators, in addition to operators and administrators, to
manage these policies. Delegated administrators with DLP access can also export DLP configuration
files from the Data Loss Prevention Global Settings page. Only administrators and operators can change
the mode of DLP used from RSA Email DLP to RSA Enterprise Manager, and vise versa.
If a delegated administrator also has mail policy privileges, they can customize the RSA Email DLP
policies. Delegated administrators can use any custom DLP dictionary for their RSA Email DLP
policies, but they cannot view or modify the custom DLP dictionaries.
policies. Delegated administrators can use any custom DLP dictionary for their RSA Email DLP
policies, but they cannot view or modify the custom DLP dictionaries.
You can assign one of the following access levels for RSA Email DLP policies to a custom user role:
•
No access: Delegated administrators cannot view or edit RSA Email DLP policies on the Email
Security appliance.
Security appliance.
•
View assigned, edit assigned: Delegated administrators can use the DLP Policy Manager to view
and edit the RSA Email DLP policies assigned to the custom user role. Delegated administrators
cannot rename or reorder DLP policies in the DLP Policy Manager. Delegated administrators can
export DLP configurations.
and edit the RSA Email DLP policies assigned to the custom user role. Delegated administrators
cannot rename or reorder DLP policies in the DLP Policy Manager. Delegated administrators can
export DLP configurations.
•
View all, edit assigned: Delegated administrators can view and edit the RSA Email DLP policies
assigned to the custom user role. They can export DLP configurations. They can also view all RSA
Email DLP policies that are not assigned to the custom user role but they cannot edit them.
Delegated administrators cannot reorder DLP policies in the DLP Policy Manager or rename the
policy.
assigned to the custom user role. They can export DLP configurations. They can also view all RSA
Email DLP policies that are not assigned to the custom user role but they cannot edit them.
Delegated administrators cannot reorder DLP policies in the DLP Policy Manager or rename the
policy.
•
View all, edit all (full access): Delegated administrators have full access to all of the RSA Email
DLP policies on the appliance, including the ability to create new ones. Delegated administrators
can reorder DLP policies in the DLP Policy Manager. They cannot change the DLP mode that the
appliance uses.
DLP policies on the appliance, including the ability to create new ones. Delegated administrators
can reorder DLP policies in the DLP Policy Manager. They cannot change the DLP mode that the
appliance uses.
You can assign individual RSA Email DLP policies to the custom user role using either the DLP Policy
Manager or the Custom User Roles for Delegated Administration table on the User Roles page.
Manager or the Custom User Roles for Delegated Administration table on the User Roles page.
See
for more information on RSA Email DLP policies and the DLP
Policy Manager.
See
for information on using the Custom
User Roles for Delegated Administration list to assign RSA Email DLP policies.
Email Reporting
The Email Reporting access privileges define which reports and Email Security Monitor pages a
delegated administrator can view, depending on the custom user role’s access to mail policies, content
filters, and RSA Email DLP policies. These reports are not filtered for assigned policies; delegated
administrators can view reports for mail and DLP policies that for which they are not responsible.
delegated administrator can view, depending on the custom user role’s access to mail policies, content
filters, and RSA Email DLP policies. These reports are not filtered for assigned policies; delegated
administrators can view reports for mail and DLP policies that for which they are not responsible.
You can assign one of the following access levels for email reporting to a custom user role:
•
No access: Delegated administrators cannot view reports on the Email Security appliance.
•
View relevant reports: Delegated administrators can view reports on the Email Security Monitor
pages related to their Mail Policies and Content Filters and DLP Policies access privileges.
Delegated administrators with Mail Policies and Content Filters access privileges can view the
following Email Security Monitor pages:
pages related to their Mail Policies and Content Filters and DLP Policies access privileges.
Delegated administrators with Mail Policies and Content Filters access privileges can view the
following Email Security Monitor pages:
–
Overview