File System Permissions and DLP Authorized Users

A Data Loss Prevention (DLP) authorized user is a user account on a DLP-enabled laptop with permission to unlock and read the contents of locked files. If your laptop has more than one user account, then the DLP authorized users of a locked file will depend on the file system security permission settings of each user for that particular file.

The following table lists the DLP actions allowed on a locked file for each level of file system security permissions that a user account has on the file:

File System Security Permission DLP Actions and Capabilities
Full Control
  • Listed as a DLP authorized user.
  • Can unlock files and read content.
  • Can modify the contents of a locked file.
Modify
Read & Execute
  • The user is listed as a DLP authorized user.
  • Can unlock files and read content.
  • Cannot modify the contents of a locked file.
Write
Read
No Permissions
  • Not a DLP authorized user.
  • Cannot unlock files.