Previous Topic: AdministratorsNext Topic: User Accounts

Administrator Responsibilities

Administrators have the following responsibilities:

User Administration

Administrators must organize new users into a hierarchy and maintain the hierarchy. You also need a strategy for creating other administrators.

Organizing new users into a hierarchy

Before rolling out CA Data Protection across your organization, determine how you handle new users. Do you want to import user details into CA Data Protection from an existing source such as Active Directory? Can new users enroll themselves? You also need to organize users into groups. You can do this manually, or you can synchronize your CA Data Protection hierarchy of users and groups with an external source.

These issues are fully described in the 'Before You Start Using CA Data Protection' chapter of the Platform Deployment Guide.

Maintaining the user hierarchy

Your hierarchy of users and groups will require routine maintenance. For example, you may want to reorganize user groups to cater for users with particular policy requirements. This allows fast and selective rollout of policy changes. For example, you may decide to group together all users who are in constant email contact with customers.

Creating administrators

To share the administrative workload, you can promote ordinary users into administrators or managers by reassigning them to the appropriate user role. You can limit the scope of their administrative authority by specifying their management groups.

Machine Administration

Machine administration involves the following tasks.

Post-CMS installation

After you install the CMS but before you roll out CA Data Protection across your organization, you must configure your CMS policy, and the common client and gateway policies (these common policies are applied automatically to new machines). Key policy areas that you must consider include database purging and the management of free disk space.

These issues are fully described in the 'Before You Start Using CA Data Protection' chapter of the Platform Deployment Guide.

Routine maintenance

You must verify that all CA Data Protection computers are running the current versions of the software and that their individual machine policies are appropriate for your network environment. For example, you will need to ensure that replication, database purging and free disk space settings have sensible values. To optimize data flows across your network, you may also need to occasionally reorganize the allocation of client machines to each gateway.

Data security

You also need to consider data security. This covers encryption, database backups, and database purging.


All events captured by CA Data Protection (emails, files, web pages and so on) is replicated across your network and stored on the CMS. These data transfers and the stored data itself must be secure. Configure the machine policies to encrypt this event data.


We recommend that you make a full backup of your CA Data Protection database on the CMS at least once per week, and incremental backups on a daily basis.

Database purging

We strongly recommend that you turn on database purging in the common gateway policy and common client policy. Regular purges prevent free disk space falling to dangerously low levels on your CA Data Protection computers, which in turn would cause the CA Data Protection infrastructure to be suspended.

Note: On a suspended endpoint computer, policy controls continue to operate (for example, emails are blocked) but the resulting events are not saved. For example, you cannot search for emails that were blocked while an endpoint was suspended.

Note: Administrators do not normally manage user policies. Users with responsibility for managing user policies are assigned to the 'Policy Administrator' user role.