Print Download PDF Send Feedback

Previous

Next

Role of DLP Administrator

DLP provides various auditing tools: automatic notifications to data owners when transmission of protected data was attempted; user notifications and self-handling portal; tracking and logging, event details, charts, graphs, filtered lists, and reports from the Logs & Monitor view.

Before you begin your audit, configure your DLP policy. First, define Data Types.

To create and refine the DLP policy:

DLP Permissions for Administrator Accounts

You can assign a DLP administrator full DLP permissions or a subset of permissions.

With full permissions, a DLP administrator can:

An alternative to assigning a full set of permissions is to configure a subset. This gives you the flexibility to assign only some of the permissions. For example, permissions to only see the fields of the logs but not to see the captured data or send or discard quarantined emails.

Configuring Full DLP Permissions

To configure full permissions:

  1. In SmartConsole, select Manage & Settings > Permissions & Administrators.
  2. Double-click the administrator account or click New create a new administrator user account.

    The Administrator Properties window opens, and shows the General page.

  3. In Permission Profile, click the drop-down menu and then click New.

    The Permissions Profile Properties window opens.

  4. In Enter Object Name, enter the name for the DLP admin profile.
  5. Make sure Read/Write All is selected.
  6. From the navigation tree, click Monitoring and Logging.
  7. Select these options:
    • DLP logs including confidential fields
    • View/Release/Discard DLP messages
  8. Click OK.
  9. Close the administrator window and publish the changes.

Configuring a Subset of Permissions

To configure a subset of permissions for the DLP administrator:

  1. In SmartConsole, select Manage & Settings > Permissions & Administrators.
  2. Double-click the administrator account or click New create a new administrator user account.

    The Administrator Properties window opens, and shows the General page.

  3. In Permission Profile, click the drop-down menu and then click New.

    The Permissions Profile Properties window opens.

  4. In Enter Object Name, enter the name for the DLP admin profile.
  5. Select Customized and click Edit.
  6. From the navigation tree, click Access Control.
  7. In the Additional Policies section, configure Read or Write permissions for Data Loss Prevention.
  8. From the navigation tree, click Monitoring and Logging.
  9. Select one or more of these options:
    • DLP Logs including confidential fields - Permissions to view all fields of DLP logs in the Logs & Monitor Logs view. When this check box is cleared, an administrator sees the text **** Confidential **** and not the actual content of fields defined as confidential.
    • View/Release/Discard DLP messages - Permissions to view emails and related incidents from within the Logs & Monitor Logs view. With this permission, administrators can also release (send) or discard quarantined emails from within the Logs & Monitor Logs view.

      Note - If you select all of these options with Write permissions, the administrator has full DLP permissions.

  10. Click OK.
  11. Close the administrator window and publish the changes.