When you click the "View" or "Release" link in the Quarantine Notification you receive from a Symantec Messaging Gateway (SMG) appliance, you're not asked for any login credentials. Instead, you're directly opening the contents of your end-user quarantine. This creates a security concern for your SMG environment.
This behaviour does not expose your environment to security risks.
Please consider the following points to understand the matters of security concerns on this feature:
Given the above reasons, Symantec however added (starting SBG version 7.6) the option to not include the mentioned links and allows the administrator for force end users to access the Spam Quarantine.
The following KB article contains the steps required to implement those changes: