Selecting items to include or exclude in a policy

A selector tool is used to select the items to include in a DLP or discovery policy, such as sources, destinations, channels, and actions, among others. For most operations (selecting application names, content classifier names, or files, for example) the selector looks like this:

Use the selector to specify which entities to include in the rule and which to exclude. If, for example, you want users in the Finance group to be able to move, copy, and print corporate financial data in the /finance directory, select the Finance group with the Sources selector and the /finance directory with the Destinations selector.

When there is an exception, add it to the exclusions list. If, for example, user bsmith is a member of the Finance group, but should not have access to the /finance directory, you would add user bsmith to the exclusions list.

A rule can have multiple exclusions.

To use the selector, complete the fields as follows:

Field Description
Display

Select the entity—such as computers or networks if you are selecting a source—to display in the Available List box at the bottom of the page.

If you do not see what you want to display, in some cases you can create a new resource by clicking the “new” icon to the right of the field.

See Defining Resources for instructions.

Filter by

Typically, too many entries are available to display on one page. Use the Filter by field to specify criteria for filtering the list. If you enter “jones”, the system searches for any entry that contains the string “jones”. It is equivalent to searching “*jones*”.

You can use additional wildcards in your filter string if desired. For example, “?” represents any single character, as in the example “file_?.txt”.

Click the search icon to filter the data.

Available items

Lists the items that are available for selection in the current display category. Use the page forward/backward controls to navigate from one page to the next, or to the first or last page.

In some cases, a folder icon or up arrow appears. Click the icon to display the directory one level up in the directory tree. You can also click the breadcrumbs above the list to navigate to another level.

If you chose Directory Entries in the Display field, hover over an item in this list to see all the fields that will be searched—login, full name, domain name, and email address.

Selected items

Use the right and left arrows to move items into and out of the selected list. If you want to include a computer named Bob_Computer, then highlight it on the left. Make sure the Include tab is active, and then click >. If you want to exclude Bob_Computer, make sure the Exclude tab is active when you click >.

If you select more than 1500 items, you receive an error message. Consider creating a business unit to add more items to the Selected box.

Tip: you can move a group of users, computers, networks, etc. into the Include box, then remove one user, computer, or network by highlighting it on the right and clicking Remove.
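
The following is an added example, not code from the product: a small Python model of the Filter by matching described above ("jones" behaves like "*jones*", "?" matches one character) and of how the Include and Exclude lists combine, useful for checking on paper who a rule actually covers. The function names, the sample data, case-insensitive matching, and the rule that an exclusion always overrides an inclusion are assumptions made for the illustration.

```python
import re

def filter_to_regex(filter_text):
    """Translate a Filter by string into a regex.
    '*' matches any run of characters, '?' matches exactly one character,
    and the whole string is a substring match, so 'jones' == '*jones*'."""
    parts = []
    for ch in filter_text:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))  # everything else is literal
    # Assumption: matching ignores case; the page does not say either way.
    return re.compile(".*" + "".join(parts) + ".*", re.IGNORECASE | re.DOTALL)

def filter_items(items, filter_text):
    """Return the entries of the Available list that pass the filter."""
    rx = filter_to_regex(filter_text)
    return [item for item in items if rx.fullmatch(item)]

def in_scope(user, groups, include, exclude):
    """True if the rule applies to the user: the user or one of the user's
    groups is on the Include list, and none of them is on the Exclude list.
    Assumption: an exclusion always overrides an inclusion."""
    identities = {user} | set(groups.get(user, ()))
    return bool(identities & set(include)) and not (identities & set(exclude))

def effective_scope(groups, include, exclude):
    """List every known user the rule covers, for review before deployment."""
    return sorted(u for u in groups if in_scope(u, groups, include, exclude))

# Constructed sample data, not taken from a real directory.
AVAILABLE = ["bsmith", "jjones", "Jones_Laptop",
             "file_1.txt", "file_10.txt", "file_a.txt"]
GROUPS = {"bsmith": ["Finance"], "jjones": ["Finance"], "akhan": ["Sales"]}

if __name__ == "__main__":
    print(filter_items(AVAILABLE, "jones"))        # substring match
    print(filter_items(AVAILABLE, "file_?.txt"))   # '?' is one character
    # Finance is included as a source, bsmith is the exception.
    print(effective_scope(GROUPS, include=["Finance"], exclude=["bsmith"]))
```

Listing the effective scope this way makes an over-broad inclusion or a forgotten exclusion visible before the rule is deployed.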