Cisco Cisco Email Security Appliance C160 Mode D'Emploi
32-11
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 32 Distributing Administrative Tasks
Managing Custom User Roles for Delegated Administration
See the Chapter 28, “Using Email Security Monitor,” on page 1 chapter for more information on email
reporting and the Email Security Monitor.
reporting and the Email Security Monitor.
Message Tracking
The Message Tracking access privileges define whether delegated administrators assigned to the custom
user role have access to Message Tracking, including message content that may violate your
organization’s DLP policies if the DLP Tracking Policies option has been enabled on the System
Administration > Users page and the custom user role also has DLP policies access privileges.
user role have access to Message Tracking, including message content that may violate your
organization’s DLP policies if the DLP Tracking Policies option has been enabled on the System
Administration > Users page and the custom user role also has DLP policies access privileges.
Delegated administrators can only search for the DLP violations for the RSA Email DLP policies
assigned to them.
assigned to them.
See Chapter 29, “Tracking Messages,” on page 1 for more information on Message Tracking.
See
for information for
allowing delegated administrators access to viewing matched DLP content in Message Tracking.
Trace
The Trace access privileges define whether delegated administrators assigned to the custom user role can
use Trace to debug the flow of messages through the system. Delegated administrators with access can
run Trace and view all of the generated output. Trace results are not filtered based on the delegated
administrator’s mail or DLP policy privileges.
use Trace to debug the flow of messages through the system. Delegated administrators with access can
run Trace and view all of the generated output. Trace results are not filtered based on the delegated
administrator’s mail or DLP policy privileges.
See
for more information on using Trace.
Quarantines
The Quarantines access privileges define whether delegated administrators can manage assigned
quarantines. Delegated administrators can view and take actions on any message in an assigned
quarantine, such as releasing or deleting messages, but cannot change the quarantine’s configuration
(e.g. the size, retention period, etc.), or create or delete quarantines.
quarantines. Delegated administrators can view and take actions on any message in an assigned
quarantine, such as releasing or deleting messages, but cannot change the quarantine’s configuration
(e.g. the size, retention period, etc.), or create or delete quarantines.
You can assign any of the quarantines to the custom user role using either the Monitor > Quarantines
page or the Custom User Roles for Delegated Administration table on the User Roles page.
page or the Custom User Roles for Delegated Administration table on the User Roles page.
See
and
for more information on assigning
Quarantine management tasks to administrative users.
See
for information on using the Custom
User Roles for Delegated Administration list to assign quarantines.
Encryption Profiles
The Encryption Profiles access privileges define whether delegated administrators can use encryption
profiles assigned to their custom user role when editing content filters or DLP policies. Encryption
profiles can only be assigned to custom user roles with mail or DLP policy access privileges. Encryption
profiles that are not assigned to a custom role are available for use by all delegated administrators with
mail or DLP policy privileges. Delegated administrators cannot view or modify any encryption profiles.
profiles assigned to their custom user role when editing content filters or DLP policies. Encryption
profiles can only be assigned to custom user roles with mail or DLP policy access privileges. Encryption
profiles that are not assigned to a custom role are available for use by all delegated administrators with
mail or DLP policy privileges. Delegated administrators cannot view or modify any encryption profiles.
You can assign encryption profiles when creating or editing an encryption profile using the Security
Services > IronPort Email Encryption page.
Services > IronPort Email Encryption page.