Include or Exclude a User Group from DLP Policy
Including or excluding a User Group is a powerful way to apply a policy to your deployment. For example, you could do this when you need to include or exclude a finance group from attaching financial information.
In policies, Exclude always takes precedence over Include. If you accidentally try to add a User Group to both Include and Exclude, you will see a message asking you to choose one or the other.
To include or exclude a User Group from a DLP policy:
- Go to Policy > DLP Policies > DLP Policies.
- Under Actions > Sanctioned Policy > Create New Policy, or click the name of an existing policy to edit it.
- On the Descriptions page:
- Enter a Name for the policy and an optional Description.
- Deployment Type. Select API, Lightning Link, or Reverse Proxy.
- Select Service Instances the policy should apply to.
- Under User Groups, for Include All User Groups, click Edit and select from the list.
- Click Done.
- To exclude User Groups, click Add Exclusions and select from the list.
- Click Done.
- Follow the wizard to enter selections for the Rules and Exceptions page, then Review and save your policy. For details see, Create or Edit a Sanctioned DLP Policy.