The scenario is as follows. I have users divided into three departments. Currently there is only one policy that is applicable to all the users. These users can be separated into three AD groups which can be integrated with DLP user groups.
Below are the requirements:
1. I want to have a DLP role for each head of the department, so that they can view and remediate incidents of users belonging to their specific department. I could only see the Policy Group as one of the relevant options under the "incident access" tab while creating a user role.
2. If I have to use Policy groups to segregate user roles, then I will have to create three separate policies and will have to assign the respective three separate policy groups to them. Is there a way we can provide incident access to a role based on user groups?
What would be the best practice for policy creation, roles and reporting in this case?
Do organizations use department-wise policies and department-wise user groups?