Symantec DLP Enforce permissions required for ICA's View DIM Payload and DLP Writeback functionality
Article ID: 237989
Updated On:
Products
Issue/Introduction
Which user permissions are required to enable Information Centric Analytics' (ICA) View DIM Payload button and the writeback of DIM incident status updates to Symantec DLP?
Environment
Release : 6.x
Component : Symantec DLP Integration Pack
Resolution
When integrating Symantec DLP with ICA, you are required to provide the username and password of an Enforce user that has been assigned the privileges and rights needed to query DLP's Incident, API, and Download Attachment URLs. Depending upon whether the option DLP Writeback Enabled is true or false, the Incident Update API may need to be granted to a role assigned to that user. At a minimum to enable the View DIM Payload button on DIM Incident Details pages, the following privileges and rights need to be assigned to the Enforce user:
In addition to the minimum privileges highlighted, we recommend enabling the Endpoint, Discover, and Custom attributes privileges.
To enable DLP writeback, the Remediate Incidents privilege needs to be selected under Actions, and the Incident Update privilege needs to be selected under Incident Reporting and Update API.
Additional Information
Please refer to the Symantec DLP Integration section of the Symantec ICA Integration and Solution Accelerator Guide for more information about configuring this integration.
Feedback
