Knowledge base
Knowledge base: English > Configuration Guide > DLP
User-based data classification
Posted by Dana Balaštíková, Last modified by Dana Balaštíková on 19 May 2020 09:06 AM

Safetica 9.6 brings a new feature that allows end users to classify files by themselves.

Supported file formats for user-based classification are: .docx, .xlsx, .pptx, .pdf.

How to enable user-based classification for selected users

User-based classification can be enabled for selected users and endpoints. You can also control whether they are allowed to reclassify files freely, or only select stricter classification levels.

  1. Open Safetica Management Console and go to Maintenance > Endpoint settings > User-based data classification.
  2. In the user tree, select the users or endpoints, for which to enable user-based classification.
  3. Set User-based data classification to Enabled. This allows specified users to see the Classify file option in their right-click context menu. If you choose Disabled, the Classify file option will be hidden.
  4. If you want to allow users to change document classification to a less strict one, set Permission to downgrade classification to Enabled. If you choose Disabled, users will only be allowed to increase the strictness of document classification.
  5. Save your settings by clicking [].

Note: The Permission to downgrade classification can be set independently of the User-based data classification option. You can enable user-based classification for a group of users, and at the same time enable Permission to downgrade classification to only a subset of this group.

How to classify files as a user

To classify a file, the user selects it and right-clicks it. When the context menu opens, the user will see the Classify file option. On mouse hover, they will see the available data categories they can choose from.

If a file has no data category assigned, the (none) option is checked. This option disappears after a classification has been assigned. Policies bound to the selected data category will then be applied to the file as well.

Categories in the context menu are listed in the same order as in Safetica Management Console. This can be changed in the DLP > Data categories table. The order should reflect the strictness of individual classification levels.

It is possible to select and classify several files at once. If an unsupported file format is selected, the Classify file option will not be displayed in the context menu.

How to configure data categories to be displayed to users

User-based data classification requires metadata-based data categories. To display a category in the right-click context menu:

  1. Open Safetica Management Console and go to DLP > Data categories.
  2. Click Edit next to the data category you want to display to users. The category must be context-based and use persistent metadata.
  3. In the Advanced options, enable Use in user-based data classification.
  4. Click [OK].
  5. Save your settings by clicking [].

How to remove data classification from a file

Users cannot remove classification from files. To work around this, the recommended approach is to:

  1. Create a new data category (called e.g. Public) and do not assign it to any DLP policy.
  2. Place this category to the very bottom of the category list in the DLP > Data categories table.

When a user needs to remove classification from a file, they can choose this “empty” category. The file will then not be affected by any DLP policy but will remain trackable within DLP logs.

How to view user classification logs

To view logs related to user-based classification, switch to the visualization mode in DLP > Data categories. Safetica logs every classification and downgrade of classification performed by users. In the Operation column of the Records table, you can use the filtering options User classification and User classification downgrade to display the respective logs.

(1 vote(s))
Helpful
Not helpful