Data Loss Prevention role

Applies to: Exchange Server 2013

The Data Loss Prevention management role enables administrators to create and manage data loss prevention (DLP) policies and the rules within them, which can affect mail delivery for an entire organization. Furthermore, this role provides administrators with the ability to configure Policy Tips that appear in email clients and manage DLP policy violation reports. This DLP role also enables access to Microsoft Exchange transport rules. For more information about transport rules in Exchange, see the following topics:

Default management role assignments

This role has role assignments to one or more role assignees. The following table indicates whether the role assignment is regular or delegating, and also indicates the management scopes applied to each assignment. The following list describes each column:

  • Regular assignment: Regular role assignments enable the role assignee to access the permissions provided by the management role entries on this role.
  • Delegating assignment: Delegating role assignments give the role assignee the ability to assign this role to role groups, users, or USGs.
  • Recipient read scope: The recipient read scope determines what recipient objects the role assignee is allowed to read from Active Directory.
  • Recipient write scope: The recipient write scope determines what recipient objects the role assignee is allowed to modify in Active Directory.
  • Configuration read scope: The configuration read scope determines what configuration and server objects the role assignee is allowed to read from Active Directory.
  • Configuration write scope: The configuration write scope determines what organizational and server objects the role assignee is allowed to modify in Active Directory.

Default management role assignments for this role

Role group Regular assignment Delegating assignment Recipient read scope Recipient write scope Configuration read scope Configuration write scope
Organization Management X X Organization Organization OrganizationConfig OrganizationConfig
Compliance Management X Organization Organization OrganizationConfig OrganizationConfig