McAfee DTP-165C-DPVG Installation Guide - Page 56

User and permission sets, Create and define McAfee DLP administrators

Get McAfee DTP-165C-DPVG - Network DLP Prevent 1650 Appliance PDF manuals and user guides View all McAfee DTP-165C-DPVG manuals
Add to My Manuals
Save this manual to your list of manuals

Page 56 highlights

6 Installing McAfee DLP Endpoint User and permission sets The Advanced Security Settings window now includes Domain Computers. 10 Click Add again to select an object type. 11 In the Enter the object name to select text box, type Administrators, then click OK to display the Permission Entry dialog box. Set the required permissions. Adding administrators is required for the whitelist folder. It is optional for the evidence folder, but can be added as a security precaution. Alternately, you can add permissions only for those administrators who deploy policies. 12 Click OK twice to close the dialog box. User and permission sets We recommend creating specific administrator roles and permissions in ePolicy Orchestrator for McAfee DLP Manager and McAfee DLP Monitor. These roles can include creating and saving policies, viewing (but not changing) policies, generating override, uninstall, and quarantine release keys, viewing the McAfee DLP Monitor, and revealing sensitive fields in the monitor. Sensitive data redaction and the McAfee DLP Monitor permission sets To meet the legal demand in some markets to protect confidential information in all circumstances, McAfee DLP Endpoint software offers a data redaction feature. Fields in the McAfee DLP Monitor containing confidential information are encrypted to prevent unauthorized viewing. The feature is designed with a "double key" release. This means that to use the feature, you must create two permission sets: one to view the monitor and another to view the encrypted fields. Both roles are required to use the feature. Create and define McAfee DLP administrators Creates and defines a McAfee DLP administrator in McAfee ePolicy Orchestrator. Administrative users can be created either before or after the permission sets assigned to them. Task 1 Click New User. 2 Type a user name and specify logon status, authentication type, and permission sets. We recommend creating user groups related to the role, for example DLP Quarantine Administrator. The order of creating users and permission sets is not critical. If you create users first, user names appear in the permission set form and you can attach them to the set. If you create permission sets first, the permission set names appear in the user form and you can attach the user to them. 3 Click Save. 56 McAfee Data Loss Prevention 9.2.0 Installation Guide

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
The
Advanced Security Settings
window now includes Domain Computers.
10
Click
Add
again to select an object type.
11
In the
Enter the object name to select
text box, type
Administrators
, then click
OK
to display the
Permission Entry
dialog box. Set the required permissions.
Adding administrators is required for the whitelist folder. It is optional for the evidence folder, but
can be added as a security precaution. Alternately, you can add permissions only for those
administrators who deploy policies.
12
Click
OK
twice to close the dialog box.
User and permission sets
We recommend creating specific administrator roles and permissions in ePolicy Orchestrator for
McAfee DLP Manager and McAfee DLP Monitor. These roles can include creating and saving policies,
viewing (but not changing) policies, generating override, uninstall, and quarantine release keys,
viewing the McAfee DLP Monitor, and revealing sensitive fields in the monitor.
Sensitive data redaction and the McAfee DLP Monitor permission sets
To meet the legal demand in some markets to protect confidential information in all circumstances,
McAfee DLP Endpoint software offers a data redaction feature. Fields in the McAfee DLP Monitor
containing confidential information are encrypted to prevent unauthorized viewing. The feature is
designed with a "double key" release. This means that to use the feature, you must create
two
permission sets
: one to view the monitor and another to view the encrypted fields. Both roles are
required to use the feature.
Create and define McAfee DLP administrators
Creates and defines a McAfee DLP administrator in McAfee ePolicy Orchestrator. Administrative users
can be created either before or after the permission sets assigned to them.
Task
1
Click
New User
.
2
Type a user name and specify logon status, authentication type, and permission sets.
We recommend creating user groups related to the role, for example DLP Quarantine Administrator.
The order of creating users and permission sets is not critical. If you create users first, user names
appear in the permission set form and you can attach them to the set. If you create permission sets
first, the permission set names appear in the user form and you can attach the user to them.
3
Click
Save
.
6
Installing McAfee DLP Endpoint
User and permission sets
56
McAfee Data Loss Prevention 9.2.0
Installation Guide