Cisco Cisco Email Security Appliance C190 사용자 가이드
32-6
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 32 Distributing Administrative Tasks
Managing Custom User Roles for Delegated Administration
Procedure
Step 1
Go to the System Administration > Users page.
Step 2
Under DLP Tracking Privileges, click Edit Settings.
Step 3
Select the roles for which you want to grant access to DLP data in Message Tracking.
Custom roles without access to Message Tracking can never view this information and thus are not listed.
Step 4
Submit and commit your changes.
The following features must be enabled in Security Services for this setting to take effect:
•
Message Tracking
•
RSA Email DLP
•
RSA Email DLP > Matched Content Logging
Managing Custom User Roles for Delegated Administration
You can design custom user roles and delegate specific responsibilities to users that align with their roles
within your organization, allowing these delegated administrators access only to the email security
features they are responsible for and not the system configuration features that are not related to their
roles. Delegated administration provides more flexible control over your users’ access to the email
security features on the appliance than the predefined administrator, operator, and help desk user roles.
within your organization, allowing these delegated administrators access only to the email security
features they are responsible for and not the system configuration features that are not related to their
roles. Delegated administration provides more flexible control over your users’ access to the email
security features on the appliance than the predefined administrator, operator, and help desk user roles.
For example, you may have users who are responsible for managing mail policies for specific domains
on the Email Security appliance, but you do not want these users to access the system administration and
security services configuration features, which the predefined administrator and operator roles grant.
You can create a custom user role for mail policy administrators who can grant these users access to the
mail policies they manage, along with other email security features that they can use to manage messages
processed by these policies, such as Message Tracking and policy quarantines.
on the Email Security appliance, but you do not want these users to access the system administration and
security services configuration features, which the predefined administrator and operator roles grant.
You can create a custom user role for mail policy administrators who can grant these users access to the
mail policies they manage, along with other email security features that they can use to manage messages
processed by these policies, such as Message Tracking and policy quarantines.
Use the System Administration > User Roles page in the GUI (or the
userconfig
-> role
command in
the CLI) to define custom user roles and manage the email security features for which they are
responsible, such as mail policies, RSA Email DLP policies, email reports, and quarantines. For a full
list of email security features that delegated administrators can manage, see
responsible, such as mail policies, RSA Email DLP policies, email reports, and quarantines. For a full
list of email security features that delegated administrators can manage, see
. Custom roles can also be created when adding or editing a local user account using
the System Administration > Users page. See
for more information.
You should make sure when creating a custom user role so that its responsibilities don’t overlap too much
with the responsibilities of other delegated administrators. If multiple delegated administrators are
responsible for the same content filter, for example, and use the content filter in different mail policies,
the changes made to the filter by one delegated administrator may cause unintended side effects for the
mail policies managed by other delegated administrators.
with the responsibilities of other delegated administrators. If multiple delegated administrators are
responsible for the same content filter, for example, and use the content filter in different mail policies,
the changes made to the filter by one delegated administrator may cause unintended side effects for the
mail policies managed by other delegated administrators.
When you have created the custom user roles, you can assign local users and external authentication
groups to them like any other user role. See
groups to them like any other user role. See
for more
information. Please note that users assigned to custom roles cannot access the CLI.
Related Topics
•