Cisco Cisco Email Security Appliance C160 Mode D'Emploi

If a delegated administrator deletes a content filter used by mail policies other than their own, or if the 
content filter is assigned to other custom user roles, AsyncOS does not delete the content filter from the 
system. AsyncOS instead unlinks the content filter from the custom user role and removes it from the 
delegated administrator’s mail policies. The content filter remains available to other custom user roles 
and mail policies.

Delegated administrators can use any text resource or dictionary in their content filters, but they cannot 
access the Text Resources or Dictionaries pages in the GUI to view or modify them. Delegated 
administrators also cannot create new text resources or dictionaries.

For outgoing mail policies, delegated administrators can enable or disable DLP policies but they cannot 
customize the DLP settings unless they also have DLP policy privileges.

You can assign one of the following access levels for mail policies and content filters to a custom user 
role:

No access: Delegated administrators cannot view or edit mail policies and content filters on the 
Email Security appliance.

View assigned, edit assigned: Delegated administrators can view and edit the mail policies and 
content filters assigned to the custom user role and create new content filters. Delegated 
administrators can edit a policy’s Anti-Spam, Anti-Virus, and Outbreak Filters settings. They can 
enable their content filters for the policy, as well as disable any existing content filter assigned to 
the policy, regardless of whether they are responsible for it. Delegated administrators cannot modify 
a mail policy’s name or its senders, recipients, or groups. Delegated administrators can modify the 
order of the content filters for mail policies assigned to their custom user role. 

View all, edit assigned: Delegated administrators can view all mail policies and content filters on 
the appliance, but they can only edit the ones assigned to the custom user role.

View all, edit all (full access): Delegated administrators have full access to all of the mail policies and 
content filters on the appliance, including the default mail policies, and have the ability to create new 
mail policies. Delegated administrators can modify the senders, recipients, and groups of all mail 
policies. They can also reorder mail policies. 

You can assign individual mail policies and content filters to the custom user role using either the Email 
Security Manager or the Custom User Roles for Delegated Administration table on the User Roles page.

See the “Email Security Manager” chapter in the Cisco IronPort AsyncOS for Email Configuration 
Guide for more information on using the Email Security Manager for mail policies and content filters.

See 

 for information on using the Custom 

User Roles for Delegated Administration table to assign mail policies and content filters.

The DLP Policies access privileges define a delegated administrator’s level of access to the DLP policies 
via the DLP Policy Manager on the Email Security appliance. You can assign DLP policies to specific 
custom user roles, allowing delegated administrators, in addition to operators and administrators, to 
manage these policies. Delegated administrators with DLP access can also export DLP configuration 
files from the Data Loss Prevention Global Settings page. Only administrators and operators can change 
the mode of DLP used from RSA Email DLP to RSA Enterprise Manager, and vise versa.

If a delegated administrator also has mail policy privileges, they can customize the RSA Email DLP 
policies. Delegated administrators can use any custom DLP dictionary for their RSA Email DLP 
policies, but they cannot view or modify the custom DLP dictionaries.

You can assign one of the following access levels for RSA Email DLP policies to a custom user role: