SYMANTEC ENTERPRISE VAULT ROLES-BASED ADMINISTRATION

Roles-based administration enables you to use Microsoft Authorization Manager to configure the various administrator roles. All such configuration is performed using the Vault Service account.

With Enterprise Vault Roles Based Administration it is possible to:

  • Define which operations an administrator is entitled to perform
  • Define which EV objects an administrator has access to
  • Allow administrators to manage EV without having equivalent privileges to the Vault Service Account (VSA).

 

Enterprise Vault 8.0 supplies the following predefined roles:
  1. File Server Administrator
  2. Messaging Administrator
  3. Power Administrator
  4. PST Administrator
  5. SharePoint Administrator
  6. Storage Administrator
  7. Exchange Administrator
  8. Domino Administrator
  9. NSF Administrator

File Server Administrator

Responsible for the day-to-day administration of File Server archiving. This administrator does not have access to other parts of the product, such as Exchange Server archiving or SharePoint archiving.

Messaging Administrator

Responsible for the day-to-day administration of Exchange Server and Lotus Domino archiving. This administrator does not have access to other parts of the product, such as File Server archiving or SharePoint archiving.

Power Administrator

Can perform all the tasks in the other predefined roles. Cannot perform reconfiguration tasks such as changing the Vault Service account or Directory SQL server.

PST Administrator

Has a view of the Administration Console that concentrates on those components that are required to manage personal stores. In Enterprise Vault Operations Manager, can view Exchange Server information and parameters.

SharePoint Administrator

Has a view of the Administration Console that concentrates on those components that are required to manage SharePoint archiving.

Storage Administrator

Has a view of the Administration Console interface that concentrates mainly on those components that are required to keep storage running properly. This administrator does not have access to archiving policy settings for the various targets.

Exchange Administrator

Responsible for the day-to-day administration of Exchange Server archiving. This administrator does not have access to other parts of the product, such as File Server archiving or SharePoint archiving. In Enterprise Vault Operations Manager, can view Exchange server information and parameters.

Domino Administrator

Responsible for the day-to-day administration of Lotus Domino archiving, including NSF migration. This administrator does not have access to other parts of the product, such as File Server archiving or SharePoint archiving.
In Enterprise Vault Operations Manager, can view Domino information and parameters.

NSF Administrator

Has a view of the Administration Console that concentrates on those components that are required to manage NSF files. In Enterprise Vault Operations Manager, can view Domino information and parameters.

 

You can use the predefined roles as supplied, customize them, or create new roles, as required. By assigning administrator roles you can adjust the permissions of individual administrators to match their job responsibilities. The mechanism is flexible enough for you to be able to modify an individual’s role to cope with any change in responsibility.

Note that ONLY with the Service account you can assign roles and is required for access to Enterprise Vault Authorization Manager.

 

  1. To assign a role to a user or group.
    • Using Vault Service account, start the Administration Console.
    • Right-click the Directory container and, on the shortcut menu, click Authorization Manager.
    • In the Authorization Manager window, under Enterprise Vault, click Role Assignments.
    • If role you want to use is not listed, right-click Role Assignments and, on the shortcut menu, click Assign Roles. The AddRole listing shows the roles you can select. Select the required role and click OK.
    • Right-click the role to which you want to assign users and then, on the shortcut menu, click Assign Application Groups or Assign Windows Users and Groups.
    • If chose Assign Application Groups, check the users or groups you want to add to the role, and then click OK.
    • If you chose Assign Windows Users and Groups, the standard Windows SelectUsers, Computers or Groups dialog appears. Select the required users or groups and then click OK to close the dialog box.
    • In the Authorization Manager File menu, click Exit. Click Yes when you are prompted to save your changes.
For more information of assignment of Application Groups please visit Microsoft’s TechNet website under Authorization Manager Concepts, Using Authorization manager.

 

The changes take approximately one minute to be replicated to all Enterprise Vault servers. The Administration Console will show the changes the next time it is started. The Administration Console does not show the changes until it has been restarted. However, the changes have been replicated to Enterprise Vault servers. This may result in that person receiving unexpected error messages.