Understanding User Roles

Control Manager uses the following as the default user roles. Administrators cannot modify access permissions for the default user roles.

  • Administrator/Root

  • DLP Compliance Officer

  • DLP Incident Reviewer

  • Operator

  • Power User

Control Manager also supports custom user roles. Custom user roles allow Control Manager administrators to specify which Control Manager web console menu items other users can access.


Trend Micro suggests configuring user roles and user account settings in the following order:

  1. Specify which products/directories the user can access. (Step 8 of Editing a User Account.)

  2. Specify which menu items the user can access. (If the default user roles are not sufficient, see Adding a User Role or Editing a User Role.)

  3. Specify the user role for the user's account. (Step 7 of the Editing a User Account.)

The following table shows all the features that each default user role can access.

Table 1. User Role Access
Menu Item Administrator DLP Compliance Officer DLP Incident Reviewer Operator Power User





Policy Management


Policy Resources

Policy Template Settings


Managed Servers


DLP Data Identifiers


DLP Templates



New Ad Hoc Query


Saved Ad Hoc Queries


Log Aggregation


Log Maintenance



My Reports


One-time Reports


Scheduled Reports


Report Templates


Report Maintenance



Manual Download


Scheduled Download


Component List


Deployment Plan


Schedule Download Exceptions


Update / Deployment Settings



Account Management

My Account


User Accounts


User Roles


User Groups


Command Tracking


Event Center

Event Notifications


General Event Settings


License Management

Control Manager


Managed Product



Agent Communication Schedule


Communication Time-out Settings


Proxy Settings


Web Console Settings


Smart Protection Network Settings


Product Agents Settings


Active Directory and Widget Settings


Parent Control Manager Settings


Deep Security Management


Outbreak Prevention Services