search cancel

Symantec DLP Enforce permissions required for ICA's View DIM Payload and DLP Writeback functionality

book

Article ID: 237989

calendar_today

Updated On:

Products

Information Centric Analytics

Issue/Introduction

Which user permissions are required to enable Information Centric Analytics' (ICA) View DIM Payload button and the writeback of DIM incident status updates to Symantec DLP?

Environment

Release : 6.5.4

Component : Symantec DLP Integration Pack

Resolution

When integrating Symantec DLP with ICA, you are required to provide the username and password of an Enforce user that has been assigned the privileges and rights needed to query DLP's Incident, API, and Download Attachment URLs. Depending upon whether the option DLP Writeback Enabled is true or false, the Incident Update API may need to be granted to a role assigned to that user. At a minimum to enable the View DIM Payload button on DIM Incident Details pages, the following privileges and rights need to be assigned to the Enforce user:

In addition to the minimum privileges highlighted, we recommend enabling the Endpoint, Discover, and Custom attributes privileges.

To enable DLP writeback, the Remediate Incidents privilege needs to be selected under Actions, and the Incident Update privilege needs to be selected under Incident Reporting and Update API.

Additional Information

Please refer to the Symantec Information Centric Analytics 6.5.4 Integration and Solution Accelerator Guide for Symantec DLP for more information about configuring this integration.

Attachments