Controlling assignments with users and permission sets McAfee DLP uses McAfee ePO Users and Permission Sets to assign different parts of the McAfee DLP administration to different users or groups. Tip: Create specific McAfee DLP permission sets, users, and groups. Create different roles by assigning different administrator and reviewer permissions for the different McAfee DLP modules in McAfee ePO. System Tree filtering permissions support McAfee DLP supports McAfee ePO System Tree filtering permissions in DLP Incident Manager and DLP Operations. When System Tree filtering is enabled, McAfee ePO operators can only see incidents from computers in their permitted part of the System Tree. Group Administrators do not have any permissions in the McAfee ePO System Tree by default. Regardless of permissions assigned in the Data Loss Prevention permission set, they cannot see any incidents in DLP Incident Manager or DLP Operations. System Tree filtering is disabled by default, but can be enabled in DLP Settings. Tip: If you use Group Administrators in Data Loss Prevention permission sets, give Group Administrators: · View "System Tree" tab permission (under Systems)· System Tree access permissions at the appropriate level Sensitive data redaction and the McAfee ePO permission sets To meet the legal demand in some markets to protect confidential information in all circumstances, McAfee DLP software offers a data redaction feature. Fields in the DLP Incident Manager and DLP Operations consoles with confidential information can be redacted to prevent unauthorized viewing. Links to sensitive evidence are hidden. The feature is designed with a "double key" release. Thus, to use the feature, you must create two permission sets: one to view the incidents and events and another to view the redacted fields (supervisor permission). Both roles can be assigned to the same user. REST API for importing definitions and applying policies McAfee DLP uses REST (REpresentational State Transfer) architecture for certain functions to reduce bandwidth. Assigning McAfee DLP permission sets McAfee DLP permission sets assign permissions to view and save policies, and view redacted fields. They are also used to assign role-based access control (RBAC). Create a McAfee DLP permission setPermission sets define different administrative and reviewer roles in McAfee DLP software. Create a DLP Help Desk permission set Assign Help Desk permissions to a permission set group.