Editing roles

Delegated administrators can use the Delegated Administration > Edit Role page to view the list of clients managed by their role, and the specific reporting permissions granted.

Super Administrators can use this page to select the administrators and clients for a role, and to set administrator permissions, as described below. Only unconditional Super Administrators can delete administrators and clients from a role.

  1. Change the role Name and Description, as needed.

    The name of the Super Administrator role cannot be changed.

  2. Add or remove administrators for this role (Super Administrators only).
    Item Description
    User Name Administrator’s user name.
    Account Type Indicates whether the user is defined in the network directory service (Directory) or unique to the Forcepoint Security Manager (Local).
    Reporting Give the administrator permission to use reporting tools.
    Real-Time Monitor Give the administrator permission to monitor all Internet activity for any Policy Server.
    Policy

    Give the administrator permission to create filters and policies, and apply policies to the role’s managed clients.

    In the Super Administrator role, administrators with policy permission can also manage certain web protection configuration settings. See Super Administrator permissions.
    Auditor

    Give the administrator permissions to see all of the features and functions available to other administrators in the role, but without the ability to save changes.

    The check boxes for other permissions are disabled when Auditor permissions are selected.
    Add Open the Add Administrators page. See Adding Administrators.
    Delete

    Remove the selected administrators from the role.

    • Available to unconditional Super Administrators only.
    • Unconditional Super Administrator accounts can only be removed from the Global Settings > Administrators page.
  3. Add and delete Managed Clients for the role.

    Changes can be made by Super Administrators only. Delegated administrators can view the clients assigned to their role.

    Item Description
    <Name> Displays the name of each client explicitly assigned to the role. Administrators in the role must add the clients to the Clients page before policies can be applied. See Performing delegated administrator tasks.
    Add Opens the Add Managed Clients page. See Adding managed clients.
    Delete

    Available to unconditional Super Administrators only, this button removes from the role any clients marked in the managed clients list.

    Some clients cannot be deleted directly from the managed clients list. See Delete managed clients for more information.
  4. Use the Deployment Status Permissions area to indicate whether administrators in this role can Access the Status > Deployment page to see information about the status of the components in your deployment.

    If you grant delegated administrators access to the page, also select whether they can Start components or Stop components.

  5. Use the Reporting Permissions area to select the features available to administrators in this role who have reporting access.
    1. Choose the general level of reporting permissions:
      Option Description
      Report on all clients

      Select this option to give administrators permission to generate reports on all network users.

      Use the remaining options in the Reporting Permissions area to set the specific permissions for administrators in this role.

      This option enables access to the Advanced File Analysis report.
      Report on managed clients only

      Select this option to limit administrators to reporting on the managed clients assigned to this role. Then, select the investigative reports features these administrators can access.

      Administrators limited to reporting on managed clients only cannot access presentation reports or user-based reports on the Dashboard page.
    2. Mark the check box for each reporting feature that appropriate administrators in the role are permitted to use.
      Option Description
      Access presentation reports Enables access to presentation reports features. This option is available only when administrators can report on all clients. See Presentation reports.
      Access the Status > Dashboard page

      Enables display of charts showing Internet activity on the Risks, Usage, and System dashboards. See The Status Dashboards.

      If this option is deselected, administrators can view only the Health Alert and Value Estimates (if displayed) sections of the System dashboard.

      Access Threat data (Threats dashboard + Report Center)

      Allows administrators to access charts, summary tables, and event details related to advanced malware threat activity in your network. See Threats dashboard.

      Allows administrators to view the Threat Details in Report Center’s Transaction Viewer. See Transaction Viewer display options.

      Access forensics data

      (Forcepoint Web Security only) Allows administrators to view files associated with threat activity, and review information about attempts to send the files. See Configuring forensics data storage.

      Allows administrators to view the Forensics Data in Report Center’s Transaction Viewer. See Transaction Viewer display options.
      Access investigative reports

      Enables access to basic investigative reports features. When this option is selected, additional investigative reports features can be selected, also. See Investigative reports.

      This option enables access to the Source IP link on the Advanced File Analysis report.
      View user names in investigative reports

      Allows administrators in this role to view user names, if they are logged. See Configuring how requests are logged.

      Deselect this option to show only system-generated identification codes, instead of names.

      This option is available only when administrators are granted access to investigative reports.
      Save investigative reports as favorites

      Allows administrators in this role to create favorite investigative reports. See Favorite investigative reports.

      This option is available only when administrators are granted access to investigative reports.
      Schedule investigative reports

      Allows administrators in this role to schedule investigative reports to run at a future time or on a repeating cycle.

      See Scheduling investigative reports.

      This option is available only when administrators are granted permissions to save investigative reports as favorites.
      Access the Report Center Enables access to the Report Center. When this option is selected, the administrator can also access Report Builder and Transaction Viewer. See Report Center.

      View user names and hostnames in reports

      Allows administrators to view user information when creating or viewing reports. When unchecked, an internally assigned user identification number displays wherever User would appear in a report or chart. A hash of the hostname appears in place of the true hostname in Transaction Viewer details. See Report Center.

      This option is available only when administrators are granted access to the Report Center.
      Schedule Reports

      Allows administrators to add scheduled jobs in the Report Center. See Report Center Scheduler.

      This option is available only when administrators can report on all clients and are granted access to the Report Center.
      Manage the Log Database

      Allows administrators to access the Settings > Reporting > Log Database page.

      See Log Database administration settings.
      Access application reports

      Allows administrators to see browser, platform, cloud application, and user agent data on the Reporting > Applications page.

      See Application reporting.
  6. When you are finished making changes, click OK to cache the changes and return to the Delegated Administration page. Changes are not implemented until you click Save and Deploy.