Explore the Block (with override) action available in data policies that allows certain users to override applied restrictions and provide explanations for their actions.
In this article, you will learn more about:
- What is Block (with override)
- Where to set up Block (with override)
- What will the user see
- What can the admin see in records
- Alerts
Introduction: What is Block (with override)
When you select the Block (with override) action in a data policy, certain users will be able to override applied restrictions and provide explanations for their actions.
Block (with override) is useful in companies where admins trust the users to only override blocking policies for legitimate reasons (for example, when a user needs to send a classified file to a customer, if sensitive content is incorrectly detected in an ordinary file, etc).
🍏macOS devices: Block (with override) is currently not supported on macOS.
Learn more about the differences in features between Windows and macOS here.
Where to set up Block (with override)
Block (with override) is an action available in data policies. To create a data policy, follow these steps, and in the Action section select Block (with override).
Block (with override) is currently not available for Print and Virtual print. These operations will be blocked, even when override is enabled.
What will the user see
When a user performs an action that is supposed to be blocked by that policy, a small notification appears in the bottom right corner of their screen.
Clicking the notification reveals more details about why the action is blocked.
The user has the option to override the blocking by selecting a reason from the drop-down menu (for example “I need a one-time exception”) and providing an explanation for their action. The explanation is recorded for possible investigation by the admin.
If the user chooses to click Close, the action will be blocked.
What can the admin see in records
Admins can view override reasons and descriptions in the Data section in Safetica ONE console.
To filter out overridden actions:
- Go to the Data section in Safetica ONE console.
- Click Add filter > Action > Override.
- Ensure columns Override reason and Override description are visible.
- Override reason displays the predefined reason selected by the user.
- Override description contains the user's explanation in their own words.
Alerts
Real-time alerts about the use of Block (with override) are sent as part of the DLP policy violation alert. Admins can set up alerts in Safetica Maintenace Console > Alerts after clicking the New rule button.