Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi
12-4
Cisco IronPort AsyncOS 8.0 for Security Management User Guide
Chapter 12 Distributing Administrative Tasks
If you use an LDAP directory to authenticate users, you assign directory groups to user roles instead of
individual users. When you assign a directory group to a user role, each user in that group receives the
permissions defined for the user role. For more information, see
individual users. When you assign a directory group to a user role, each user in that group receives the
permissions defined for the user role. For more information, see
Before users can access the spam quarantine, you must enable that access. See
Custom User Roles
The Security Management appliance allows users with Administration privileges to delegate
administration capabilities to custom roles. Custom roles provide more flexible control over your users’
access than the predefined user roles do.
administration capabilities to custom roles. Custom roles provide more flexible control over your users’
access than the predefined user roles do.
Users to whom you assign custom user roles can manage policies or access reports for a subset of
appliances, features, or end users. For example, you might allow a delegated administrator for web
services to manage policies for an organization’s branch office in a different country, where the
acceptable use policies might be different from those at the organization’s headquarters. You delegate
administration by creating custom user roles and assigning access permissions to those roles. You
determine which policies, features, reports, custom URL categories, etc. that the delegated
administrators can view and edit.
appliances, features, or end users. For example, you might allow a delegated administrator for web
services to manage policies for an organization’s branch office in a different country, where the
acceptable use policies might be different from those at the organization’s headquarters. You delegate
administration by creating custom user roles and assigning access permissions to those roles. You
determine which policies, features, reports, custom URL categories, etc. that the delegated
administrators can view and edit.
For more information, see:
•
•
About Custom Email User Roles
You can assign custom roles to allow delegated administrators to access the following on the Security
Management appliance:
Management appliance:
•
All reports (optionally restricted by Reporting Group)
•
Mail Policy reports (optionally restricted by Reporting Group)
•
DLP reports (optionally restricted by Reporting Group)
•
Message Tracking
•
Spam quarantine
Detailed information about each of these items follows this section. In addition, all users granted any of
these privileges can see the System Status, available under the Management Appliance tab > Centralized
Services menu. Users assigned to custom email user roles cannot access the CLI.
these privileges can see the System Status, available under the Management Appliance tab > Centralized
Services menu. Users assigned to custom email user roles cannot access the CLI.
Note
Custom user roles on the Email Security appliance offer more granular access than do user roles on the
Security Management appliance. For example, you can delegate access to mail and DLP policies and
content filters. For details, see the “Managing Custom User Roles for Delegated Administration” section
in the “Common Administration” chapter of the Cisco IronPort AsyncOS for Email Security Daily
Management Guide.
Security Management appliance. For example, you can delegate access to mail and DLP policies and
content filters. For details, see the “Managing Custom User Roles for Delegated Administration” section
in the “Common Administration” chapter of the Cisco IronPort AsyncOS for Email Security Daily
Management Guide.
Email Reporting
You can grant custom user roles access to Email reports as described in the following sections.