Cisco Cisco Email Security Appliance C160 Mode D'Emploi
32-9
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 32 Distributing Administrative Tasks
Managing Custom User Roles for Delegated Administration
Delegated administrators can use any text resource or dictionary in their content filters, but they cannot
access the Text Resources or Dictionaries pages in the GUI to view or modify them. Delegated
administrators also cannot create new text resources or dictionaries.
access the Text Resources or Dictionaries pages in the GUI to view or modify them. Delegated
administrators also cannot create new text resources or dictionaries.
For outgoing mail policies, delegated administrators can enable or disable DLP policies but they cannot
customize the DLP settings unless they also have DLP policy privileges.
customize the DLP settings unless they also have DLP policy privileges.
You can assign one of the following access levels for mail policies and content filters to a custom user
role:
role:
•
No access: Delegated administrators cannot view or edit mail policies and content filters on the
Email Security appliance.
Email Security appliance.
•
View assigned, edit assigned: Delegated administrators can view and edit the mail policies and
content filters assigned to the custom user role and create new content filters. Delegated
administrators can edit a policy’s Anti-Spam, Anti-Virus, and Outbreak Filters settings. They can
enable their content filters for the policy, as well as disable any existing content filter assigned to
the policy, regardless of whether they are responsible for it. Delegated administrators cannot modify
a mail policy’s name or its senders, recipients, or groups. Delegated administrators can modify the
order of the content filters for mail policies assigned to their custom user role.
content filters assigned to the custom user role and create new content filters. Delegated
administrators can edit a policy’s Anti-Spam, Anti-Virus, and Outbreak Filters settings. They can
enable their content filters for the policy, as well as disable any existing content filter assigned to
the policy, regardless of whether they are responsible for it. Delegated administrators cannot modify
a mail policy’s name or its senders, recipients, or groups. Delegated administrators can modify the
order of the content filters for mail policies assigned to their custom user role.
•
View all, edit assigned: Delegated administrators can view all mail policies and content filters on
the appliance, but they can only edit the ones assigned to the custom user role.
the appliance, but they can only edit the ones assigned to the custom user role.
View all, edit all (full access): Delegated administrators have full access to all of the mail policies and
content filters on the appliance, including the default mail policies, and have the ability to create new
mail policies. Delegated administrators can modify the senders, recipients, and groups of all mail
policies. They can also reorder mail policies.
content filters on the appliance, including the default mail policies, and have the ability to create new
mail policies. Delegated administrators can modify the senders, recipients, and groups of all mail
policies. They can also reorder mail policies.
You can assign individual mail policies and content filters to the custom user role using either the Email
Security Manager or the Custom User Roles for Delegated Administration table on the User Roles page.
Security Manager or the Custom User Roles for Delegated Administration table on the User Roles page.
See
for information on using the Custom
User Roles for Delegated Administration table to assign mail policies and content filters.
DLP Policies
The DLP Policies access privileges define a delegated administrator’s level of access to the DLP policies
via the DLP Policy Manager on the Email Security appliance. You can assign DLP policies to specific
custom user roles, allowing delegated administrators, in addition to operators and administrators, to
manage these policies. Delegated administrators with DLP access can also export DLP configuration
files from the Data Loss Prevention Global Settings page. Only administrators and operators can change
the mode of DLP used from RSA Email DLP to RSA Enterprise Manager, and vise versa.
via the DLP Policy Manager on the Email Security appliance. You can assign DLP policies to specific
custom user roles, allowing delegated administrators, in addition to operators and administrators, to
manage these policies. Delegated administrators with DLP access can also export DLP configuration
files from the Data Loss Prevention Global Settings page. Only administrators and operators can change
the mode of DLP used from RSA Email DLP to RSA Enterprise Manager, and vise versa.
If a delegated administrator also has mail policy privileges, they can customize the RSA Email DLP
policies. Delegated administrators can use any custom DLP dictionary for their RSA Email DLP
policies, but they cannot view or modify the custom DLP dictionaries.
policies. Delegated administrators can use any custom DLP dictionary for their RSA Email DLP
policies, but they cannot view or modify the custom DLP dictionaries.
You can assign one of the following access levels for RSA Email DLP policies to a custom user role:
•
No access: Delegated administrators cannot view or edit RSA Email DLP policies on the Email
Security appliance.
Security appliance.
•
View assigned, edit assigned: Delegated administrators can use the DLP Policy Manager to view
and edit the RSA Email DLP policies assigned to the custom user role. Delegated administrators
cannot rename or reorder DLP policies in the DLP Policy Manager. Delegated administrators can
export DLP configurations.
and edit the RSA Email DLP policies assigned to the custom user role. Delegated administrators
cannot rename or reorder DLP policies in the DLP Policy Manager. Delegated administrators can
export DLP configurations.