Enterprise Vault™ Auditing
Retrieving audited changes to archive permissions in a user-friendly format
An administrator can change the manual permissions on an archive using the Permissions tab on the Archive properties, or using the Enterprise Vault Policy Manager (EVPM) utility. In audit database entries, changes to manual archive access permissions are shown as Security Descriptor Definition Language (SDDL) strings for Windows permissions, and XML for Domino permissions. An example PowerShell script, ExampleEvPermissionsAuditHelper.ps1, is included in Enterprise Vault to show you how you can convert these strings to an array of permissions in a more user-friendly format. The following information is included in the script output:
- Identity details of the archive.
- Name of the Enterprise Vault administrator who changed the permissions.
- A list of the old and new permissions for each administrator who has manual permissions set on the archive.
The example script is located in the folder Enterprise Vault_installation\Auditing. You can run the script on your audit database, or modify it to use as part of your audit database processing. The Enterprise Vault Management Shell is not required to run this script.
The comments in the example script explain what the script does, the permissions needed to run the script, and the limitations of this example. You need to change values in the script for your environment.
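As an added illustration of the SDDL conversion described above (this is not ExampleEvPermissionsAuditHelper.ps1 and not Enterprise Vault's own code), the following PowerShell parses an old and a new SDDL string with the .NET RawSecurityDescriptor class and lists each trustee whose access changed. The function names and SDDL values are constructed for the example, and access masks are left as raw hex because their mapping to Read, Write, and Delete is not reproduced here.

```powershell
# Added example: per-trustee diff of two SDDL strings (old vs. new permissions).
# Function names are hypothetical; the SDDL samples are constructed, not audit data.

function ConvertFrom-SddlDacl {
    param([Parameter(Mandatory)][string]$Sddl)
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($Sddl)
    $result = @{}
    if ($null -eq $sd.DiscretionaryAcl) { return $result }
    foreach ($ace in $sd.DiscretionaryAcl) {
        # Only allow/deny ACEs are relevant; skip any other ACE kinds.
        if ($ace -isnot [System.Security.AccessControl.CommonAce]) { continue }
        $sid = $ace.SecurityIdentifier
        try {
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $name = $sid.Value   # unresolvable SID (deleted account, other domain)
        }
        $key = '{0}|{1}' -f $name, $ace.AceQualifier
        # Merge masks when a trustee has several ACEs of the same type.
        $result[$key] = [int]$result[$key] -bor $ace.AccessMask
    }
    return $result
}

function Compare-SddlPermission {
    param([Parameter(Mandatory)][string]$OldSddl,
          [Parameter(Mandatory)][string]$NewSddl)
    $old  = ConvertFrom-SddlDacl $OldSddl
    $new  = ConvertFrom-SddlDacl $NewSddl
    $keys = @($old.Keys) + @($new.Keys) | Sort-Object -Unique
    foreach ($k in $keys) {
        $o = $old[$k]; $n = $new[$k]
        if ($o -eq $n) { continue }          # unchanged trustee: not reported
        $trustee, $type = $k -split '\|', 2
        [pscustomobject]@{
            Trustee = $trustee
            AceType = $type
            OldMask = if ($null -ne $o) { '0x{0:X8}' -f $o } else { '(none)' }
            NewMask = if ($null -ne $n) { '0x{0:X8}' -f $n } else { '(none)' }
        }
    }
}

# Constructed sample values: one trustee gains a bit, one is removed entirely.
$oldSddl = 'O:BAG:BAD:(A;;0x1;;;BU)(A;;0x7;;;S-1-5-21-1111111111-2222222222-3333333333-1001)'
$newSddl = 'O:BAG:BAD:(A;;0x3;;;BU)'
Compare-SddlPermission -OldSddl $oldSddl -NewSddl $newSddl | Format-Table -AutoSize
```

A trustee that appears with `(none)` in the NewMask column has had its manual permission removed; one with `(none)` in OldMask has been newly granted access.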
The permissions available in the Archive properties dialog box and in EVPM are Read, Write, and Delete. These permissions equate to more granular permissions in audit database entries. Table: Mapping of available permissions to permissions output by script shows the mapping between the permissions that are available to administrators, and the underlying permissions that are displayed in the audit database entries that are output by the example script.
Table: Mapping of available permissions to permissions output by script
Permissions in Archive properties and EVPM
Permissions output by example script