McAfee DTP-1650-MGRA Installation Guide - Page 57

User and permission sets, Create and define McAfee DLP administrators



8. In the Enter the object name to select field, type Domain Computers, then click OK.
   The Permission Entry dialog box is displayed.
9. In the Allow column, select:
   • Create Files/Write Data and Create Folders/Append Data for the evidence folder
   • List Folder/Read Data for the whitelist folder
   Verify that the Apply onto option says This folder, subfolders and files, then click OK.
   The Advanced Security Settings window now includes Domain Computers.
10. Click Add again to select an object type.
11. In the Enter the object name to select field, type Administrators, then click OK to display the Permission Entry dialog box. Set the required permissions.
   Adding administrators is required for the whitelist folder. It is optional for the evidence folder, but can be added as a security precaution. Alternately, you can add permissions only for those administrators who deploy policies.
12. Click OK twice to close the dialog box.
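
The PowerShell below is an added example, not part of the McAfee guide: it applies the Domain Computers entries from step 9 and then reads each ACL back to confirm the rights that account actually holds. The domain name and folder paths are placeholders, and the Administrators entry from step 11 is left out because this page does not list its rights.

```powershell
# Added example. The identity and paths are placeholders, not values from the guide.
$Identity = 'EXAMPLE\Domain Computers'
$Folders  = @(
    # Step 9, evidence folder: Create Files/Write Data + Create Folders/Append Data
    @{ Path = 'D:\DLP\Evidence';  Rights = 'CreateFiles, AppendData' }
    # Step 9, whitelist folder: List Folder/Read Data
    @{ Path = 'D:\DLP\Whitelist'; Rights = 'ListDirectory' }
)

function Set-DlpFolderAce {
    param([string]$Path, [string]$Identity,
          [System.Security.AccessControl.FileSystemRights]$Rights)
    # ContainerInherit + ObjectInherit with no propagation flags is what the
    # dialog shows as "This folder, subfolders and files".
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $Identity, $Rights,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Test-DlpFolderAce {
    param([string]$Path, [string]$Identity,
          [System.Security.AccessControl.FileSystemRights]$Rights)
    # Collect every Allow entry for the identity, inherited ones included,
    # so rights granted further up the tree also show up in the result.
    $aces = (Get-Acl -Path $Path).Access | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and $_.AccessControlType -eq 'Allow' }
    $granted = 0
    foreach ($ace in $aces) { $granted = $granted -bor [int]$ace.FileSystemRights }
    # Allow entries also carry Synchronize; ignore it when comparing.
    $sync    = [int][System.Security.AccessControl.FileSystemRights]::Synchronize
    $granted = $granted -band (-bnot $sync)
    [pscustomobject]@{
        Path    = $Path
        Granted = [System.Security.AccessControl.FileSystemRights]$granted
        Matches = ($granted -eq [int]$Rights)   # False means extra or missing rights
    }
}

foreach ($f in $Folders) {
    Set-DlpFolderAce  -Path $f.Path -Identity $Identity -Rights $f.Rights
    Test-DlpFolderAce -Path $f.Path -Identity $Identity -Rights $f.Rights
}
```

A Matches value of False on the evidence folder is worth checking first, since it means Domain Computers holds rights other than the two write rights step 9 selects.
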
User and permission sets

We recommend creating specific administrator roles and permissions in ePolicy Orchestrator for McAfee DLP Manager and McAfee DLP Monitor. These roles can include creating and saving policies, viewing (but not changing) policies, generating override, uninstall, and quarantine release keys, viewing the McAfee DLP Monitor, and revealing sensitive fields in the monitor.

Sensitive data redaction and the McAfee DLP Monitor permission sets

To meet the legal demand in some markets to protect confidential information in all circumstances, McAfee DLP Endpoint software offers a data redaction feature. Fields in the McAfee DLP Monitor containing confidential information are encrypted to prevent unauthorized viewing. The feature is designed with a "double key" release. This means that to use the feature, you must create two permission sets: one to view the monitor and another to view the encrypted fields. Both roles are required to use the feature.

Create and define McAfee DLP administrators

Administrative users can be created either before or after the permission sets assigned to them.

Task

For option definitions, click ? in the interface.

1. In McAfee ePolicy Orchestrator, select Menu | User Management | Users.
2. Click New User.

5 Installing McAfee DLP Endpoint: User and permission sets
McAfee Data Loss Prevention 9.2.1 Installation Guide, page 57