Multiple DLP Actions
Each affected user action requires its own individual DLP rule. For instance, if an admin wanted to use the same Rule Expressions to control both DOWNLOAD and SHARE, two rules using the same Rule Expressions would be required.
DLP crawlers run on all daily cron jobs and remove shares that violate any SHARE ENFORCE rules.
|Objective||Affected User Action||Rule Expressions||Example Rule||DLP Action||RESULT|
|Control download of files||DOWNLOAD||DENY||Users cannot download files from the path expressed in the rule.|
|Control downloads and shares of files based on metadata|
Note: The metadata set and the attribute specified cannot contain periods within their names. For example, cce.pii is valid, but cce.x.pii.y is not valid.
|ALLOW||Users can download and share files with associated metadata.|
|Control login/access and downloading of files based on IP/Device/IP Range/country code|
|DENY||Users from the given IP, agent, IP range, country code, or CDIR ip range will not be permitted to login or download.|
|Control login/access, downloading and sharing of files based on user attributes|
|ALLOW||Users with the given username, email address, user type, any user not in the group 'managers', and the master Admin will be permitted to login, as well as downloading and sharing files.|
|Control file sharing|
Note: share.pathMatches(pattern) supports the wildcards:
`*` - any sequence of characters
Select users select groups, and users coming from a particular domain can access a specified or matching path.
|Control file download and login combinations|
|DENY||Users in the given groups or IP ranges will not be able to download files or access paths with the given metadata (in this case, a HIGH value for the attribute 'PII.Confidentiality Level'|
|Control sharing based on domain of user doing the sharing||SHARE||ALLOW||Users with one of the specified email domains are permitted to share files.|