Platform Deployment Guide › Quarantine Manager › Deploy the Quarantine Manager › Specify a QM Domain User › Create a Corresponding CA DLP User

Create a Corresponding CA DLP User

After specifying your QM domain user, you must create a matching CA DLP user account. That is, the new CA DLP user must have the same account name as the QM domain user. The Quarantine Manager will use this CA DLP account to log on to the CMS when checking for emails released from quarantine.

We recommend that you set the management group for the Quarantine Manager to the top‑level Users group.

1. In the CA DLP Administration console, create a new user. See the Administration console online help for details; search the index for ‘new users’.

   When you specify the user name, you must include the domain prefix to ensure compatibility with the account name for the QM domain user (for example, UNIPRAXIS\QMUser).

2. Still in the Administration console, assign the following privileges to this CA DLP user:
   • Admin: Use single sign-on: This enables the Quarantine Manager to log on to the CMS automatically (without needing to provide authentication), even if the CMS machine policy setting ‘Allow single sign-on?’ is set to False.
   • Admin: Disable security model filtering: This enables the Quarantine Manager to bypass built-in security measures and search for events without management group restrictions. In effect, assigning this privilege guarantees each reviewer can retrieve all the quarantined events associated with users in their respective management groups.
   • Events: Control quarantined events: This permits the Quarantine Manager to access emails released from quarantine.

   Note: These privileges are granted automatically with the Administrator role in CA DLP.