This article help users understand the expected result for “DLP Incidents by User” in the Control Manager/Apex Central Dashboard.
All top managers who do not report to anyone are displayed in the widget. Only by clicking the incidents will specific users with their corresponding incidents/managers be displayed. Take note that the specific users displayed on the incidents are those who report to the top manager.
Control Manager (TMCM) provides the following Data Loss Prevention (DLP) user roles:
- Administrator and DLP Compliance Officer
- DLP Compliance Officer
- DLP Incident Reviewer
In the “DLP Incident Investigation” Tab of the Dashboard, each widget panel provides the Incident Scope – All Managed Users and Directly Managed Users. Incident Scope is based on the Active Directory Users Architecture — specifically properties of the users in relation to “Direct Reports” and “Manager”.
For the "All Managed Users" and "Direct Managed Users" scopes, you will see the same result for the DLP Incident Reviewer user role since it is limited to access only directly managed users. For instance:
User Administrator and testDirector reports to testCEO
It is expected that once testCEO logs in, you will be able to see only user Administrator and testDirector on the “DLP Incidents by User” Widget on both Incident Scopes.
For the DLP Compliance Officer User role, you will be able see all incidents of all AD users. For instance:
- User Administrator and testDirector reports to testCEO
- User testuser reports to testHR
- User testuser2 reports to testTS
- User testLead reports to testFinance
Once a user with a DLP Compliance Officer role logs in, it is expected that you will be able to see the user testCEO, testHR, testTS, testFinance.