Cisco IronPort AsyncOS 7.5 for Email Daily Management Guide
Chapter 8 Common Administrative Tasks
Managing Custom User Roles for Delegated Administration
Mail Policies and Content Filters
The Mail Policies and Content Filters access privileges define a delegated
administrator’s level of access to the incoming and outgoing mail policies and
content filters on the Email Security appliance. You can assign specific mail
policies and content filters to a custom user role, allowing only the delegated
administrators belonging to this role, along with operators and administrators, to
manage the mail policies and content filters.
All delegated administrators with this access privilege can view the default
incoming and outgoing mail policies but they can only edit these policies if they
have full access.
All delegated administrators with access privileges can create new content filters
to use with their mail policies. A content filter created by a delegated
administrator is available to the other delegated administrators assigned to the
custom user role. Content filters that are not assigned to any custom user role are
public and can be viewed by all delegated administrators with the mail policy
access privilege. Content filters created by operators and administrators are public
by default. Delegated administrators can enable or disable any existing content
filters on mail policies assigned to their custom user role, but they cannot modify
or delete public content filters.
If a delegated administrator deletes a content filter used by mail policies other
than their own, or if the content filter is assigned to other custom user roles,
AsyncOS does not delete the content filter from the system. AsyncOS instead
unlinks the content filter from the custom user role and removes it from the
delegated administrator’s mail policies. The content filter remains available to
other custom user roles and mail policies.
Delegated administrators can use any text resource or dictionary in their content
filters, but they cannot access the Text Resources or Dictionaries pages in the GUI
to view or modify them. Delegated administrators also cannot create new text
resources or dictionaries.
For outgoing mail policies, delegated administrators can enable or disable DLP
policies but they cannot customize the DLP settings unless they also have DLP
You can assign one of the following access levels for mail policies and content
filters to a custom user role:
No access: Delegated administrators cannot view or edit mail policies and
content filters on the Email Security appliance.