Customized role permissions
Configure customized permissions for the role as follows:
Steps
- Under Status, select the status reports to which this role should have access:
- The Dashboard shows system alerts, statistics, and an incident summary over the last 24 hours.
- The System Health screen enables you to monitor the performance of Forcepoint DLP servers and protectors.
- The Endpoint Status screen summarizes the results of endpoint connectivity tests. (Not included in Forcepoint Web Security or Forcepoint Email Security.)
- The Mobile Status contains details of the traffic being monitored by Forcepoint DLP over specific periods, such as data that has breached policies and the actions taken.
- Under Reporting, select the Data Loss Prevention & Mobile incident and reporting functions that this role should be able to access.
- Select Summary reports to give administrators with this role access to data loss prevention summary reports.
- Select Detail reports to give administrators with this role access to data loss prevention incident detail reports. When this option is selected, several more are
made available:
- Select View violation triggers to allow administrators to view the values that trigger violations.
- Select View forensics to allow administrators to view forensics for this incident. (Users who aren’t allowed to see this confidential data cannot see a preview of the email message or the content of the transaction in other channels.)
- Select Perform operations on incidents to allow administrators with this role to be able to perform all escalation, remediation, and workflow operations on data loss prevention or mobile incidents.
- Select Export incidents to a PDF or CSV file to allow administrators with this role to bulk export DLP or mobile incidents from an incident report to a PDF or CSV file. Exports include all data in the current report.
- Select Incident Risk Ranking reports to allow administrators with this role to access Incident Risk Ranking and My Case reports.
- Select Hide source or select Destination to prevent administrators with this role from seeing source or destination information like user names and IP
addresses. Instead, reports will show sources and destinations as unique IDs generated by the system.
These permissions do not affect the source and destination fields in the syslog. Syslog always displays names.
In addition, these permissions do not affect the source and destination fields in:- Incident Export - in order to prevent the administrators from viewing the source and destination, make sure the ‘All other general settings’ option is disabled.
- Traffic Log - in order to prevent the administrators from viewing the information, make sure the ‘Traffic log’ option is disabled.
-
Select the Discovery incident and reporting functions for this role. Discovery functions are not included in Forcepoint Web Security or Forcepoint Email Security.
- Summary reports - Select this option to give administrators with this role access to discovery summary reports.
- Detail reports - Select this option to give administrators with this role access to discovery detail reports. When this option is selected, more are made available:
- View violation triggers - Select this option if you want the administrator to view the values that trigger discovery violations.
- Perform operations on incidents - Select this option if you want administrators with this role to be able to perform all escalation, remediation, and workflow operations on discovery incidents.
- Export incidents to a PDF or CSV file - Select this option if you want to allow administrators with this role to bulk export discovery incidents from an incident report to a PDF or CSV file. Exports include all data in the current report.
- Mark Send email notifications if administrators with this role should be notified when an incident is assigned to them.
-
Under Policy Management, select the policy management functions this role should be able to perform.
- Data loss prevention policies - Can configure DLP policies for all channels as well as content classifiers and resources.
- Discovery policies - Can configure discovery policies, tasks, content classifiers, and resources.
- Sample database records - Can view sample database information when editing a database fingerprinting classifier, including database, Salesforce, and CSV
classifiers.
This is offered on the Field Selection page of the fingerprinting wizard when you define the records to fingerprint. It allows you to verify that you’ve set up the classifier as intended. See Database Fingerprinting Wizard - Field Selection section for more details.
Administrators can always view sample data when creating a new classifier, but you may not want all administrators to view data set up by others. If you clear this box, this option is grayed out for administrators with this role.
-
Under Logs, select the logs to which this role should have access.
- The Traffic log contains details of the traffic being monitored by Forcepoint DLP over specific periods, such as data that has breached policies and the actions taken.
- The System log displays system events sent from different Forcepoint components, for example Forcepoint DLP servers, protectors, or policy engines.
- The Audit log displays actions performed by administrators in the system.
-
Under Settings, select which General settings options administrators with this role should be able to access.
- Services - Administrators can configure local and external services like Linking Service and Microsoft RMS.
- Archive Partitions - Administrators can select incident partitions, then archive, restore or delete them.
- Policy Updates - Administrators can update predefined policies to the latest version.All other general settings
- Analytics - Administrators can configure settings used to calculate risk scores in the Incident Risk Ranking report.
- All other general settings - Administrators can configure all other settings in the Settings > General menu.
- Indicate whether administrators in this role can configure Data Security module Authorization settings.
-
Under Deployment, select which functions administrators with this role should be able to perform.
- Manage system modules - Give this role the ability to register modules with the management server.
- Manage endpoint profiles - Give this role the ability to view and edit endpoint profiles. Administrators can add new endpoint profiles, delete profiles, and rearrange their order. (Not included in Forcepoint Web Security or Forcepoint Email Security.)
- Deploy settings - Give this role the ability to deploy configuration settings to all system modules.
- Click OK to save your changes.