Search <book_title>...

Enterprise Vault™ Using SQL Database Roles in Enterprise Vault, Compliance Accelerator, and Discovery Accelerator

Last Published: 2021-03-23

Product(s): Enterprise Vault (14.1, 14.0, 12.5, 12.4, 12.3, 12.2, 12.1, 12.0)

About Enterprise Vault database roles

The Enterprise Vault databases contain roles which you can use to increase the database security in your environment.

Standard Enterprise Vault installation and upgrade procedures do not use these roles. When you have completed the installation or upgrade of Enterprise Vault, the Vault Service account is the owner of all Enterprise Vault databases and has a high level of privilege on the SQL server.

Use the procedures in this chapter to do the following:

Configure the Vault Service account with only the SQL privileges that are required for normal daily operations.
See Configuring the Vault Service account for normal operations.
Grant temporary additional SQL privileges to the Vault Service account for other tasks that require higher privileges.
See Configuring the Vault Service account for operations that require elevated privileges.

Note:

Before you use the procedures in this chapter, you must have completed the installation or upgrade of Enterprise Vault, and its configuration.

Table: Enterprise Vault database roles lists the Enterprise Vault database roles and describes the purpose of each.

Table: Enterprise Vault database roles

Role	Used in these databases	For these operations
EVAdminRole	Directory Vault store Vault store group (fingerprint)	Assign the Vault Service account to EVAdminRole for all administrative operations, such as the creation of vault store partitions, and all EVSVR operations. Revoke the Vault Service account's membership of EVAdminRole when you have completed the administrative operations.
EVMonitoringOperator	msdb system database	Assign the Vault Service account to EVMonitoringOperator for all normal operations.
EVReportingRole	Audit Directory Monitoring Reporting Vault store Vault store group (fingerprint)	Assign the Vault Service account or the reporting user to EVReportingRole for all reporting operations. This allows the collection of the data required in Enterprise Vault reports.
EVRuntimeRole	Audit Directory Monitoring Reporting Vault store Vault store group (fingerprint)	Assign the Vault Service account to EVRuntimeRole for all normal operations.
EVUpgradeRole	Audit Directory Monitoring Vault store Vault store group (fingerprint)	Assign the Vault Service account to EVUpgradeRole before upgrading Enterprise Vault. Revoke the Vault Service account's membership of EVUpgradeRole when you have completed the upgrade.

The installation or upgrade of Enterprise Vault automatically creates these roles in the databases where they are required, except for the msdb system database.

The procedures in this chapter include the steps required to create the database roles in the msdb system database.