Cisco Cisco Email Security Appliance C170 Guía Del Usuario
33-9
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 33 Distributing Administrative Tasks
Managing Custom User Roles for Delegated Administration
Content filters created by operators and administrators are public by default. Delegated administrators
can enable or disable any existing content filters on mail policies assigned to their custom user role, but
they cannot modify or delete public content filters.
can enable or disable any existing content filters on mail policies assigned to their custom user role, but
they cannot modify or delete public content filters.
If a delegated administrator deletes a content filter used by mail policies other than their own, or if the
content filter is assigned to other custom user roles, AsyncOS does not delete the content filter from the
system. AsyncOS instead unlinks the content filter from the custom user role and removes it from the
delegated administrator’s mail policies. The content filter remains available to other custom user roles
and mail policies.
content filter is assigned to other custom user roles, AsyncOS does not delete the content filter from the
system. AsyncOS instead unlinks the content filter from the custom user role and removes it from the
delegated administrator’s mail policies. The content filter remains available to other custom user roles
and mail policies.
Delegated administrators can use any text resource or dictionary in their content filters, but they cannot
access the Text Resources or Dictionaries pages in the GUI to view or modify them. Delegated
administrators also cannot create new text resources or dictionaries.
access the Text Resources or Dictionaries pages in the GUI to view or modify them. Delegated
administrators also cannot create new text resources or dictionaries.
For outgoing mail policies, delegated administrators can enable or disable DLP policies but they cannot
customize the DLP settings unless they also have DLP policy privileges.
customize the DLP settings unless they also have DLP policy privileges.
You can assign one of the following access levels for mail policies and content filters to a custom user
role:
role:
•
No access: Delegated administrators cannot view or edit mail policies and content filters on the
Email Security appliance.
Email Security appliance.
•
View assigned, edit assigned: Delegated administrators can view and edit the mail policies and
content filters assigned to the custom user role and create new content filters. Delegated
administrators can edit a policy’s Anti-Spam, Anti-Virus, and Outbreak Filters settings. They can
enable their content filters for the policy, as well as disable any existing content filter assigned to
the policy, regardless of whether they are responsible for it. Delegated administrators cannot modify
a mail policy’s name or its senders, recipients, or groups. Delegated administrators can modify the
order of the content filters for mail policies assigned to their custom user role.
content filters assigned to the custom user role and create new content filters. Delegated
administrators can edit a policy’s Anti-Spam, Anti-Virus, and Outbreak Filters settings. They can
enable their content filters for the policy, as well as disable any existing content filter assigned to
the policy, regardless of whether they are responsible for it. Delegated administrators cannot modify
a mail policy’s name or its senders, recipients, or groups. Delegated administrators can modify the
order of the content filters for mail policies assigned to their custom user role.
•
View all, edit assigned: Delegated administrators can view all mail policies and content filters on
the appliance, but they can only edit the ones assigned to the custom user role.
the appliance, but they can only edit the ones assigned to the custom user role.
View all, edit all (full access): Delegated administrators have full access to all of the mail policies and
content filters on the appliance, including the default mail policies, and have the ability to create new
mail policies. Delegated administrators can modify the senders, recipients, and groups of all mail
policies. They can also reorder mail policies.
content filters on the appliance, including the default mail policies, and have the ability to create new
mail policies. Delegated administrators can modify the senders, recipients, and groups of all mail
policies. They can also reorder mail policies.
You can assign individual mail policies and content filters to the custom user role using either the Email
Security Manager or the Custom User Roles for Delegated Administration table on the User Roles page.
Security Manager or the Custom User Roles for Delegated Administration table on the User Roles page.
See
for information on using the Custom
User Roles for Delegated Administration table to assign mail policies and content filters.
DLP Policies
The DLP Policies access privileges define a delegated administrator’s level of access to the DLP policies
via the DLP Policy Manager on the Email Security appliance. You can assign DLP policies to specific
custom user roles, allowing delegated administrators, in addition to operators and administrators, to
manage these policies. Delegated administrators with DLP access can also export DLP configuration
files from the Data Loss Prevention Global Settings page. Only administrators and operators can change
the mode of DLP used from RSA Email DLP to RSA Enterprise Manager, and vise versa.
via the DLP Policy Manager on the Email Security appliance. You can assign DLP policies to specific
custom user roles, allowing delegated administrators, in addition to operators and administrators, to
manage these policies. Delegated administrators with DLP access can also export DLP configuration
files from the Data Loss Prevention Global Settings page. Only administrators and operators can change
the mode of DLP used from RSA Email DLP to RSA Enterprise Manager, and vise versa.
If a delegated administrator also has mail policy privileges, they can customize the RSA Email DLP
policies. Delegated administrators can use any custom DLP dictionary for their RSA Email DLP
policies, but they cannot view or modify the custom DLP dictionaries.
policies. Delegated administrators can use any custom DLP dictionary for their RSA Email DLP
policies, but they cannot view or modify the custom DLP dictionaries.
You can assign one of the following access levels for RSA Email DLP policies to a custom user role: