Cisco Cisco Email Security Appliance C160 Mode D'Emploi
31-7
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 31 Distributing Administrative Tasks
Managing Custom User Roles for Delegated Administration
Managing Custom User Roles for Delegated Administration
You can design custom user roles and delegate specific responsibilities to users that align with their roles
within your organization, allowing these delegated administrators access only to the email security
features they are responsible for and not the system configuration features that are not related to their
roles. Delegated administration provides more flexible control over your users’ access to the email
security features on the appliance than the predefined administrator, operator, and help desk user roles.
within your organization, allowing these delegated administrators access only to the email security
features they are responsible for and not the system configuration features that are not related to their
roles. Delegated administration provides more flexible control over your users’ access to the email
security features on the appliance than the predefined administrator, operator, and help desk user roles.
For example, you may have users who are responsible for managing mail policies for specific domains
on the Email Security appliance, but you do not want these users to access the system administration and
security services configuration features, which the predefined administrator and operator roles grant.
You can create a custom user role for mail policy administrators who can grant these users access to the
mail policies they manage, along with other email security features that they can use to manage messages
processed by these policies, such as Message Tracking and policy quarantines.
on the Email Security appliance, but you do not want these users to access the system administration and
security services configuration features, which the predefined administrator and operator roles grant.
You can create a custom user role for mail policy administrators who can grant these users access to the
mail policies they manage, along with other email security features that they can use to manage messages
processed by these policies, such as Message Tracking and policy quarantines.
Use the System Administration > User Roles page in the GUI (or the
userconfig
-> role
command in
the CLI) to define custom user roles and manage the email security features for which they are
responsible, such as mail policies, RSA Email DLP policies, email reports, and quarantines. For a full
list of email security features that delegated administrators can manage, see
responsible, such as mail policies, RSA Email DLP policies, email reports, and quarantines. For a full
list of email security features that delegated administrators can manage, see
. Custom roles can also be created when adding or editing a local user account using
the System Administration > Users page. See
for more information.
You should make sure when creating a custom user role so that its responsibilities don’t overlap too much
with the responsibilities of other delegated administrators. If multiple delegated administrators are
responsible for the same content filter, for example, and use the content filter in different mail policies,
the changes made to the filter by one delegated administrator may cause unintended side effects for the
mail policies managed by other delegated administrators.
with the responsibilities of other delegated administrators. If multiple delegated administrators are
responsible for the same content filter, for example, and use the content filter in different mail policies,
the changes made to the filter by one delegated administrator may cause unintended side effects for the
mail policies managed by other delegated administrators.
When you have created the custom user roles, you can assign local users and external authentication
groups to them like any other user role. See
groups to them like any other user role. See
information. Please note that users assigned to custom roles cannot access the CLI.
displays a list of custom user roles defined for an Email Security appliance, including the
access privileges assigned to the roles.
admin 10.1.3.135 Fri May 14 10:57 Fri May 14 10:58 0m
admin 10.1.3.67 Thu May 13 17:00 Thu May 13 19:24 2h 24m