Руководство Пользователя для Cisco Cisco Email Security Appliance C190
33-6
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 33 Distributing Administrative Tasks
Managing Custom User Roles for Delegated Administration
Before You Begin
Ensure that you have met the prerequisites for these features. See
.
Procedure
Step 1
Go to the System Administration > Users page.
Step 2
Under Access to Sensitive Information in Message Tracking, click Edit Settings.
Step 3
Select the roles for which you want to grant access to each type of sensitive information.
Custom roles without access to Message Tracking can never view this information and thus are not listed.
Step 4
Submit and commit your changes.
Related Topics
•
•
•
Managing Custom User Roles for Delegated Administration
You can design custom user roles and delegate specific responsibilities to users that align with their roles
within your organization, allowing these delegated administrators access only to the email security
features they are responsible for and not the system configuration features that are not related to their
roles. Delegated administration provides more flexible control over your users’ access to the email
security features on the appliance than the predefined administrator, operator, and help desk user roles.
within your organization, allowing these delegated administrators access only to the email security
features they are responsible for and not the system configuration features that are not related to their
roles. Delegated administration provides more flexible control over your users’ access to the email
security features on the appliance than the predefined administrator, operator, and help desk user roles.
For example, you may have users who are responsible for managing mail policies for specific domains
on the Email Security appliance, but you do not want these users to access the system administration and
security services configuration features, which the predefined administrator and operator roles grant.
You can create a custom user role for mail policy administrators who can grant these users access to the
mail policies they manage, along with other email security features that they can use to manage messages
processed by these policies, such as Message Tracking and policy quarantines.
on the Email Security appliance, but you do not want these users to access the system administration and
security services configuration features, which the predefined administrator and operator roles grant.
You can create a custom user role for mail policy administrators who can grant these users access to the
mail policies they manage, along with other email security features that they can use to manage messages
processed by these policies, such as Message Tracking and policy quarantines.
Use the System Administration > User Roles page in the GUI (or the
userconfig
-> role
command in
the CLI) to define custom user roles and manage the email security features for which they are
responsible, such as mail policies, RSA Email DLP policies, email reports, and quarantines. For a full
list of email security features that delegated administrators can manage, see
responsible, such as mail policies, RSA Email DLP policies, email reports, and quarantines. For a full
list of email security features that delegated administrators can manage, see
. Custom roles can also be created when adding or editing a local user account using
the System Administration > Users page. See
for more information.
You should make sure when creating a custom user role so that its responsibilities don’t overlap too much
with the responsibilities of other delegated administrators. If multiple delegated administrators are
responsible for the same content filter, for example, and use the content filter in different mail policies,
the changes made to the filter by one delegated administrator may cause unintended side effects for the
mail policies managed by other delegated administrators.
with the responsibilities of other delegated administrators. If multiple delegated administrators are
responsible for the same content filter, for example, and use the content filter in different mail policies,
the changes made to the filter by one delegated administrator may cause unintended side effects for the
mail policies managed by other delegated administrators.