We are users of both Cloud Email and Cloud Web filtering and have discovered an issue in the way the security model works. This has been taken to the support team and we have been told this is as is.
I'll quickly go through the issue before the suggestions.
Admin is set to advanced view in secuirty and is allowed access to only view some email profiles but has full access to all web profiles. When admin signs in and goes to Admin custom categories his is unable to view or add details. If I change his account to simple security view - this giving him access to all email and web profiles (something we do not want to do) he does have access to custom categories. I we change the view the advanced again, still having full access to all profiles - next sign on returns him to No access to custom categories.
We have been advised this is by design as custom categories can impact all web profiles, so it is removed from access when moving to granular support. This does not stack up though when you think of my initial stand point - the admin is allowed access to all web profiles, so therefore should be allowed access to custom categories.
Recommendation 1. To review the security model and add further granularity around allow view/modify of custom categories -especially cross products. I should be able to give an admin, for example, no access to email profiles but full access to web and all aspects of that management.
Recommendaiton 2. It would be nice to have some way of viewing what sites are added to a custom category without the need of having to grant this full access. eg - first level support guys may need to see if site has been whitelisted.
Recommendation 3. When adding urls to custom categories it would be great to have a free text field to note why it is added (eg: link to a helpdesk ticket, add a user name, add a business case).