Defining administrators

Forcepoint DLP administrators configure security policies, view incidents, fine-tune system performance, and more. An organization might have one Super Administrator or multiple administrators with different responsibilities.

Administrator accounts for all Forcepoint Security Manager modules are added and deleted on the Global Settings > General > Administrators page (accessed via the Global Settings button in the Security Manager toolbar). When creating an administrator account, define whether it has access to the Data Security module.

Once the account has been defined, use the Data Security module of Security Manager to configure its Forcepoint DLP-specific permissions.

There are 2 types of Forcepoint DLP administrators:

  • The User type is used for all administrator accounts that have access to the Data Security module of the Security Manager.
  • The Application type is used to access REST API services in the Data Security module of the Security Manager. The Application type provides permissions to perform API requests to query incidents and perform operations on incidents. When the Application type is selected, only permissions for the Data module are granted. All permissions for other modules are disabled.

There are 3 types of Forcepoint DLP accounts:

  • Local administrator accounts are defined via Global Settings and granted Forcepoint DLP permissions. The administrator’s role is assigned in the Data Security module of the Security Manager.
  • Network administrator accounts are defined in an LDAP user directory, added via Global Settings, and granted Forcepoint DLP permissions. The administrator’s role is defined in the Data Security module of the Security Manager.
  • Network group administrator accounts belong to a user directory group added via Global Settings and granted Forcepoint DLP permissions. Each member of this group can log on to the Security Manager and work with the Data Security module. The group’s role is assigned in the Data Security module of the Security Manager.

Group members can belong to more than one group. When such users log on to the system, they are automatically assigned a custom role with the combined permissions from all their groups. The role name that appears in the Security Manager toolbar for these users is “Multiple Combined.”
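The combined-role behavior described above means a user's effective access can be wider than any single group role an administrator assigned. The following Python script is an added example, not Forcepoint code: it computes each user's combined permissions from exported group data and lists the users who would receive the "Multiple Combined" role. The group names, user names, permission names, and the conflict pair are all hypothetical assumptions.

```python
from collections import defaultdict

# Constructed sample data. Group names, users and permission names are
# hypothetical; substitute an export of your own directory groups and roles.
GROUP_PERMISSIONS = {
    "dlp-incident-reviewers": {"view_incidents", "manage_reports"},
    "dlp-policy-editors": {"edit_policies", "deploy_settings"},
    "dlp-auditors": {"view_audit_log", "view_incidents"},
}
GROUP_MEMBERS = {
    "dlp-incident-reviewers": ["alice", "bob"],
    "dlp-policy-editors": ["bob", "carol"],
    "dlp-auditors": ["carol", "dave"],
}
# Permission pairs this (assumed) organization does not want one person to hold.
CONFLICTS = [("edit_policies", "view_audit_log")]


def effective_access(group_permissions, group_members):
    """Return {user: (sorted group names, combined permission set)}."""
    groups_of = defaultdict(list)
    for group, members in group_members.items():
        for user in members:
            groups_of[user].append(group)
    result = {}
    for user, groups in groups_of.items():
        combined = set().union(*(group_permissions[g] for g in groups))
        result[user] = (sorted(groups), combined)
    return result


def review(group_permissions, group_members, conflicts):
    """List users who get the combined role, with any conflicting pairs."""
    findings = []
    access = effective_access(group_permissions, group_members)
    for user, (groups, combined) in sorted(access.items()):
        if len(groups) < 2:
            continue  # single group: the user simply has that group's role
        # True when the combined set strictly exceeds every assigned group role.
        widened = all(combined > group_permissions[g] for g in groups)
        hits = [pair for pair in conflicts if set(pair) <= combined]
        findings.append({"user": user, "groups": groups,
                         "role": "Multiple Combined",
                         "widened": widened, "conflicts": hits})
    return findings


if __name__ == "__main__":
    for finding in review(GROUP_PERMISSIONS, GROUP_MEMBERS, CONFLICTS):
        print(finding)
```
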

Due to their nature, network group administrators do not have all the same capabilities as local and network administrators.

  • Network group administrators cannot be assigned incidents or release incidents.
  • Audit log records reflect the administrator who is currently logged on, not the administrator’s group.
  • On the Administrators page, local administrators, network administrators, and user directory groups are listed. Administrators within the network group are not displayed.
  • Local and network administrators can be policy owners, as can network groups (provided they have a valid email address). Individuals within the network group cannot own policies.
  • Local and network administrators can receive notifications, as can network groups (provided they have a valid email address). Individuals within the network group cannot receive notifications.
  • Report ownership is given to individual administrators and not to directory groups. This ownership is given according to the administrator who is currently logged on, so group members can own reports.
  • Data Security module configurations are saved per administrator, rather than per group.
  • Several reports in the Security Manager show top values per administrator. In such reports, only individual administrators are displayed, and not groups.