Руководство Пользователя для Cisco Cisco Email Security Appliance C160
32-13
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 32 Distributing Administrative Tasks
Managing Custom User Roles for Delegated Administration
Trace
The Trace access privileges define whether delegated administrators assigned to the custom user role can
use Trace to debug the flow of messages through the system. Delegated administrators with access can
run Trace and view all of the generated output. Trace results are not filtered based on the delegated
administrator’s mail or DLP policy privileges.
use Trace to debug the flow of messages through the system. Delegated administrators with access can
run Trace and view all of the generated output. Trace results are not filtered based on the delegated
administrator’s mail or DLP policy privileges.
See
for more information on using Trace.
Quarantines
The Quarantines access privileges define whether delegated administrators can manage assigned
quarantines. Delegated administrators can view and take actions on any message in an assigned
quarantine, such as releasing or deleting messages, but cannot change the quarantine’s configuration
(e.g. the size, retention period, etc.), or create or delete quarantines.
quarantines. Delegated administrators can view and take actions on any message in an assigned
quarantine, such as releasing or deleting messages, but cannot change the quarantine’s configuration
(e.g. the size, retention period, etc.), or create or delete quarantines.
You can assign any of the quarantines to the custom user role using either the Monitor > Quarantines
page or the Custom User Roles for Delegated Administration table on the User Roles page.
page or the Custom User Roles for Delegated Administration table on the User Roles page.
See
and
for more information on assigning
Quarantine management tasks to administrative users.
See
for information on using the Custom
User Roles for Delegated Administration list to assign quarantines.
Encryption Profiles
The Encryption Profiles access privileges define whether delegated administrators can use encryption
profiles assigned to their custom user role when editing content filters or DLP policies. Encryption
profiles can only be assigned to custom user roles with mail or DLP policy access privileges. Encryption
profiles that are not assigned to a custom role are available for use by all delegated administrators with
mail or DLP policy privileges. Delegated administrators cannot view or modify any encryption profiles.
profiles assigned to their custom user role when editing content filters or DLP policies. Encryption
profiles can only be assigned to custom user roles with mail or DLP policy access privileges. Encryption
profiles that are not assigned to a custom role are available for use by all delegated administrators with
mail or DLP policy privileges. Delegated administrators cannot view or modify any encryption profiles.
You can assign encryption profiles when creating or editing an encryption profile using the Security
Services > IronPort Email Encryption page.
Services > IronPort Email Encryption page.
Defining a Custom User Role
User the User Roles page in the GUI (or the
userconfig -> role
command in the CLI) to define a new
user role and assign its access privileges. The User Roles page displays all existing custom user roles on
the appliance and the access privileges for each role.
the appliance and the access privileges for each role.
Procedure
Step 1
Choose System Administration > User Roles.
Step 2
Click Add User Role.
Step 3
Enter a name for the user role.
Step 4
Enter a description of the user role and its privileges.
Step 5
Select the user role’s access privileges. (See
for more
information on each type of access privilege.)