Enterprise Vault™ Using SQL Database Roles in Enterprise Vault, Compliance Accelerator, and Discovery Accelerator
- About this guide
- Using Enterprise Vault database roles
- About Enterprise Vault database roles
- Configuring the Vault Service account for normal operations
- Preparing to configure the Vault Service account
- Configuring the Vault Service account's SQL login
- Changing ownership of Enterprise Vault databases
- Assigning the Vault Service account to EVRuntimeRole
- Mapping the Vault Service account to the msdb system database
- Creating EVMonitoringOperator in the msdb system database and assigning Vault Service account
- Restarting Enterprise Vault services
- Configuring the Vault Service account for operations that require elevated privileges
- Using Compliance Accelerator and Discovery Accelerator roles
- About Compliance Accelerator and Discovery Accelerator database roles
- Configuring the Vault Service account for normal operations
- Preparing to configure the Vault Service account
- Configuring the Vault Service account's SQL login
- Changing ownership of Compliance Accelerator and Discovery Accelerator databases
- Assigning the Vault Service account to EVRuntimeRole
- Mapping the Vault Service account to the msdb system database
- Creating EVScheduledSearchOperator in the msdb system database and assigning the Vault Service account
- Creating EVAnalyticsOperator in the msdb system database and assigning the Vault Service account
- Restarting Compliance Accelerator and Discovery Accelerator services
- Configuring the Vault Service account for operations that require elevated privileges
About Compliance Accelerator and Discovery Accelerator database roles
Compliance Accelerator and Discovery Accelerator use databases roles which you can use to increase the database security in your environment.
Standard Compliance Accelerator and Discovery Accelerator installation and upgrade procedures do not use these roles. When you have completed the installation or upgrade, the Vault Service account is the owner of all Compliance Accelerator and Discovery Accelerator databases and has a high level of privilege on the SQL server.
Use the procedures in this chapter to do the following:
Configure the Vault Service account with only the SQL privileges that are required for normal daily operations.
See Configuring the Vault Service account for normal operations.
Grant temporary additional SQL privileges to the Vault Service account for other tasks that require higher privileges.
See Configuring the Vault Service account for operations that require elevated privileges.
Note:
Before you use the procedures in this chapter, you must have completed the installation or upgrade, and subsequent configuration of Compliance Accelerator and Discovery Accelerator.
Table: Compliance Accelerator and Discovery Accelerator database roles lists the Compliance Accelerator and Discovery Accelerator database roles and describes the purpose of each.
Table: Compliance Accelerator and Discovery Accelerator database roles
Role | Used in these databases | For these operations |
|---|---|---|
EVAdminRole | Discovery Compliance | Assign the Vault Service account to EVAdminRole for all administrative operations Revoke the Vault Service account's membership of EVAdminRole when you have completed the administrative operations. |
EVAnalyticsOperator | msdb system database | Assign the Vault Service account for Analytics operations. |
EVRuntimeRole | Compliance Configuration Custodian Manager Discovery | Assign the Vault Service account to EVRuntimeRole for all normal operations. |
EVScheduledSearchOperator | msdb system database | Assign the Vault Service account to support scheduled searches. |
EVUpgradeRole | Compliance Configuration Custodian Manager Discovery | Assign the Vault Service account to EVUpgradeRole before upgrading Compliance Accelerator and Discovery Accelerator. Revoke the Vault Service account's membership of EVUpgradeRole when you have completed the upgrade. |
The installation or upgrade of Compliance Accelerator and Discovery Accelerator automatically creates these roles in the databases where they are required, except for the msdb system databases. The procedures in this chapter include the steps required to create the database roles in the msdb system database.