Controlling assignments with users and permission sets

McAfee DLP uses McAfee ePO Users and Permission Sets to assign different parts of the McAfee DLP administration to different users or groups.

Tip: Create specific McAfee DLP permission sets, users, and groups. Create different roles by assigning different administrator and reviewer permissions for the different McAfee DLP modules in McAfee ePO.

System Tree filtering permissions support

McAfee DLP supports McAfee ePO System Tree filtering permissions in DLP Incident Manager and DLP Operations. When System Tree filtering is enabled, McAfee ePO operators can only see incidents from computers in their permitted part of the System Tree. Group Administrators do not have any permissions in the McAfee ePO System Tree by default. Regardless of permissions assigned in the Data Loss Prevention permission set, they cannot see any incidents in DLP Incident Manager or DLP Operations. System Tree filtering is disabled by default, but can be enabled in DLP Settings.

Tip: If you use Group Administrators in Data Loss Prevention permission sets, give Group Administrators:
· View "System Tree" tab permission (under Systems)
· System Tree access permissions at the appropriate level

Sensitive data redaction and the McAfee ePO permission sets

To meet the legal demand in some markets to protect confidential information in all circumstances, McAfee DLP software offers a data redaction feature. Fields in the DLP Incident Manager and DLP Operations consoles with confidential information can be redacted to prevent unauthorized viewing. Links to sensitive evidence are hidden. The feature is designed with a "double key" release. Thus, to use the feature, you must create two permission sets: one to view the incidents and events and another to view the redacted fields (supervisor permission). Both roles can be assigned to the same user.