Understand how User Roles for AMP in ESA and SMA Are Configured

Available Languages

Download Options

  • PDF     (382.7 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (423.4 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (375.0 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:September 29, 2022
Document ID:218227

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes the configuration for AMP user privileges for Cisco Secure Email and Cisco Secure Email and Web Manager

    Prerequisites

    Requirements

    Cisco recommends knowledge of these topics:

    • Cisco Secure Email (aka ESA)
    • Cisco Secure Email and Cisco Secure Email and Web Manager (aka SMA)

    Components Used

    The information in this document is based on these software and hardware versions:

    • Email Security Appliance version 14.3
    • Cloud email Security version 14.3
    • AMP feature key

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Background Information

    This feature provides you a role for AMP configurations privileges. When this privilege is assigned to a user, the user get to configure AMP security settings only.

    To view AMP-relevant reports, users can use this AMP configuration privilege to view both AMP configurations and AMP Reports. AMP Reports access is given to the 4 reports:

    • Advanced Malware Protection
    • AMP File Analysis
    • AMP Verdict Chart Updates
    • Mailbox Auto Remediation reports. (Applicable to both legacy and NGUI)

    Configure

    For ESA

    Add the user role

    You first need to create a new user role on the ESA:

    1. Go to System Administration > User Roles
    2. Click on “Add User Role”
    3. Name the User Role
    4. Select “Full Access” in AMP Configuration
    5. Select “View relevant reports” in Email Reporting
    6. Submit and commit

    ESA_role_1

    Assign the user role to a user

    Next, you need to create a new user to assign the user role created in the previous section:

    1. Go to System Administration > Users
    2. Click on “Add User”
    3. Name the user
    4. Click on “Custom Roles” and select the User Role created previously
    5. Submit and commit changes

    ESA_role_2

    For SMA

    Add the user role

    You first need to create a new user role on the SMA:

    1. Go to System Administration > User Roles
    2. Click on “Add User Role”
    3. Name the User Role
    4. Select by group or all Email appliances at your convenience “AMP reports”
    5. Submit and commit

    SMA_role_1

    Assign the user role to a user

    Next, you need to create a new user to assign the user role created in the previous section

    1. Go to System Administration > Users
    2. Click on “Add User”
    3. Name the user
    4. Click on “Custom Roles” and select the User Role created previously
    5. Submit and commit changes

    SMA_role_2

    Revision History

    Revision Publish Date Comments
    1.0
    29-Sep-2022
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Salvador Rivera Portillo
      Technical Consulting Engineer
    • Chris Arellano
      Technical Consulting Engineer
    • Cesar Ivan Monterrubio Ramirez
      Technical Consulting Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products