Video Screencast Help

DLP Role Creation

Created: 18 Oct 2013 • Updated: 21 Oct 2013 | 6 comments
Alex at Fishnet Security's picture
This issue has been solved. See solution.

I'm new to the DLP product and my client wants to create a roll with all the system admin rights except for the ability to see the DLP incidents themselves.  The idea is to have a full admin without the ability to read the mail or files.



Operating Systems:

Comments 6 CommentsJump to latest comment

Thomas Fürling's picture

Hi Alex

We propose our clients the following basic roles:

  • Incident Manager
    Sees the incidents and can be further segregated to types of incidents (DiM, DiU, DaR), policies  or further rules
  • Policy Managager
    Create, tunes and manages your policies. Persons with that role should not be incident manager (and vice versa) to ensure proper segregation of duty. This role also manages DaR credentials.
  • Operations Manager
    Member so this role configure Enforce, manage scanners etc.

If you splitt up these roles, you can create any required roles.



fivelakes's picture

Have you gone into the "DLP Roles" for the user(s) in question under user priveledges and unchecked view incidents?

Thomas Fürling's picture

You create those roles first. Per role mentioned above, you grant or deny the different privileges. When done, you grant membership to those roles for the users.

The admin account and the password is put into sealed envelop and given to the access control people for their records. Is not normally not used anymore.

kishorilal1986's picture

Dear Alex,

Just go to tab System ->Role and click to create new  Role and named as System Administrator.Under this Role defined all views and marked them except uncheck/unmarked Incident View , After this You can create multiple users and assign them under System administrator Role. These user can only see system view (Agents,servers,policies etc. ) & incident ID but not contents,mails of those DLP incidents.

stephane.fichet's picture

hi alex,

just uncked incident view in general tab of DLP role definition and then your role wont have any view on DLP incident.

 I used to split technical admin and functional admin:

- technical admin : server administration, discover scan control and credential management.

- functional admin : policy management (response rule and author response rule)

but role definition and seggregation has to take into account manpower available in your customer company.


Alex at Fishnet Security's picture

Thanks for the advise everyone.  :)