DLP role is not seeing correct incidents based on the Incident Access configuration

book

Article ID: 184778

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

A custom DLP role is not seeing all incidents based on the role's Incident Access configuration.  Specifically, the Incident Access configuration is using a comma delimited list of criteria (e.g. Subject > Contains Any of > Criteria1, Criteria2, Criteria3).  When a member of the DLP role logs into view incidents, they are not seeing incidents that should be matching on Criteria2 or Criteria3.

Cause

This is a known issue that has been reported to Engineering (Etrack 4233971).  When the UI receives a mixture of comma or newline delimited lists, not all the white space is trimmed out.  From the example of "Criteria1, Criteria2, Criteria3", the database is storing the entries as "Criteria1", " Criteria2", and " Criteria3" [noting the additional space at the beginning of Criteria2 and Criteria3].

Environment

Data Loss Prevention 15.5 MP1

Resolution

Engineering is working on a fix for this issue.  As a workaround, ensure that any delimited lists do not contain extra spaces.  From the example cited above, if the Incident Access criteria is specified as "Criteria1,Criteria2,Criteria3" [noting there are no spaces between the comma and the next term], then the database will store the criteria correctly without the extra whitespace.