Default User Roles

Control Manager provides default user roles that you can assign to user accounts. User roles define which areas of the Control Manager web console a user can access and control. Although you can add access rights to a default user role, you cannot remove any of the predefined access rights from a default user role.

Note:

Only the Root, Administrator, and Administrator and DLP Compliance Officer accounts can create new user accounts and assign user roles.

For more information about adding or editing custom user roles, see the following topics:

The following table describes the default roles available on the User Roles screen.

Role

Description

Administrator (DLP Compliance Officer)

  • Can perform all actions on all menu items

  • Can monitor, review, and investigate DLP incidents triggered by any Active Directory user

Administrator

  • Can perform all actions on all menu items

  • Cannot monitor, review, or investigate DLP incidents triggered by any Active Directory user

DLP Compliance Officer

  • Can perform all actions on the Dashboard

  • Can monitor, review, and investigate DLP incidents triggered by any Active Directory user

Note:

This user role is only available to Active Directory users or groups.

DLP Incident Reviewer

  • Can perform all actions on the Dashboard

  • Can only monitor, review, and investigate DLP incidents triggered by Active Directory users that report to the DLP Incident Reviewer

Note:

This user role is only available to Active Directory users or groups.

For more information, see the following topics:

Operator

  • Can perform all actions on all the Dashboard and Directories menu items

  • Can perform all perform log queries, view reports generated and sent by other users, and update user account information

  • Can only view information on the Policy Management screen

  • Cannot monitor, review, or investigate DLP incidents triggered by any Active Directory user

Power User

  • Can perform all actions on all the Dashboard and Directories menu items

  • Can perform log queries, maintain logs, generate and maintain reports, and update user account information

  • Can only view information on the Policy Management screen

  • Cannot monitor, review, or investigate DLP incidents triggered by any Active Directory user

Read-only User

  • Can view information on all menu items and update user account information

  • Can perform all actions on the Dashboard

  • Can perform log queries, generate reports, create custom report templates, search directories, and create and use custom tags/filters to manage the User/Endpoint Directory tree

  • Cannot view reports generated by other users

SSO User

  • Can perform all actions on all menu items

  • Cannot monitor, review, or investigate DLP incidents triggered by any Active Directory user

Note:

The Operator and Power User roles in previous versions do not have permissions to Policy Management menu items. After upgrading to this version, these two roles will have read-only permissions, which cannot be changed.