Understanding DLP User Roles

Control Manager provides the following Data Loss Prevention (DLP) user roles:

  • Administrator and DLP Compliance Officer

  • DLP Compliance Officer

  • DLP Incident Reviewer

Note:

You can only assign the "DLP Compliance Officer" and "DLP Incident Reviewer" roles to Active Directory user accounts.

The following table describes the features and characteristics related to the DLP user roles:

Feature

Role

Description

DLP logs

Administrator and DLP Compliance Officer

  • View DLP log data for all Active Directory users

  • Access specific widgets that display DLP incident information

DLP Compliance Officer

  • Access limited to DLP logs related to directly managed users

  • Access specific widgets that display DLP incident information

DLP Incident Reviewer

Incident scope

Administrator and DLP Compliance Officer

  • View DLP incident data for all Active Directory users by clicking the settings icon ( > ) on any of the following DLP Incident Investigation widgets and selecting All managed users for the Scope.

    • DLP Incidents by Severity and Status

    • DLP Incident Trends by User

    • DLP Incidents by User

    Note:
    • By default, the scope for each DLP Incident Investigation widget only allows this role to view incident data for Directly managed users.

    • Changing the Scope for one DLP Incident Investigation widget does not affect the scope of any other widget.

  • On all other screens:

    • User accounts assigned with the "Administrator and DLP Compliance Officer" role can view data from all Active Directory users reported by managed products according to the user account's product scope

    • The "DLP Compliance Officer" role cannot view any data

DLP Compliance Officer

DLP Incident Reviewer

View DLP incident data for directly managed users

Menu access

Administrator and DLP Compliance Officer

Access the DLP Incident Investigation tab and the following widgets:

  • DLP Incidents by Severity and Status

  • DLP Incident Trends by User

  • DLP Incidents by User

For more information, see DLP Incident Investigation Tab.

DLP Compliance Officer

DLP Incident Reviewer

Scheduled incident summary notification

Administrator and DLP Compliance Officer

Receive the following:

  • Daily or weekly email notification

  • Summary list of incident count by severity level

  • Link to the Control Manager web console

DLP Compliance Officer

DLP Incident Reviewer

Incident details updated notification

Administrator and DLP Compliance Officer

Receive notification of changes to incident status or comments

Note:

The "DLP Incident Reviewer" role does not receive this notification.

DLP Compliance Officer