4 Replies Latest reply on Nov 30, 2016 1:21 PM by nicholas.klebs

    DLP 10 Prevent - required user permissions on EPO to register applaince

    nicholas.klebs

      What are the required EPO Permissions that need to be granted to the User ID used to register a DLP 10 Prevent appliance?

      We are having trouble getting this information from support, and the recommendation is to just use Global Admin Permissions.

        • 1. Re: DLP 10 Prevent - required user permissions on EPO to register applaince
          hhoang

          The DLP 10 Prevent appliance is technically just a managed system is far as EPO is concerned.  When you say register the appliance what are you trying to do specifically?

          • 2. Re: DLP 10 Prevent - required user permissions on EPO to register applaince
            nicholas.klebs

            Following the directions from the DLP 10 Prevent Product Guide - starting on Page 51 (Install the software on a hardware appliance)......

            There is an "ePO Registration" step: where a User ID, Password, and EPO Server IP and Port need to be input from the Physical Console on the appliance.

            We are wondering what Permissions the User ID requires on the EPO side.

             

            hhoang - Are you suggesting that we should be able to just add the appliance name to the EPO System tree, apply policy, and continue on our way with getting the Appliance to work ?

             

            Thanks for any assistance you can provide.

            • 3. Re: DLP 10 Prevent - required user permissions on EPO to register applaince
              hhoang

              No, the way you had worded it originally I was under the impression you were trying to 'register' as in add the appliance to the system tree.  The appliance has a built-in Mcafee agent on the install which would handle that for you which was what I was getting at. 

               

              To answer your question though, since the majority of the management of the appliance is handled through the MA I would imagine that it is simply using those credentials to update the appliance management statistics.  I would try credentials that have permissions to appliance management at the very least:

               

               

              Is there a particular reason why you do not want to use the global admin credentials? 

              • 4. Re: DLP 10 Prevent - required user permissions on EPO to register applaince
                nicholas.klebs

                Thanks for the suggestion, we will try the registration with the Appliance Management Permissions set for the User ID performing the registration.

                 

                Two reasons we do not want to use the global admin account; 1) we are in regulated industry and IDs that do not follow least privilege principle are called out and scrutinized, 2) we are not at the physical location of the physical appliances, and we must provide an ID and Password to Data Center employee for the registrations, we would like to hand this resource an ID that can only do what is required (in this case to register the appliance).