How to explicitly grant vault access to other users

Article: 100019736
Last Published: 2019-03-20
Product(s): Enterprise Vault

Problem

How to explicitly grant vault access to other users

Solution

Sometimes it is necessary to provide a user or security group access to an archive for Discovery or Compliance purposes.  By default, Enterprise Vault is designed to synchronize Mailbox permissions to the archive (See Related Documents to alter this default behavior).  Perform the following to add a user/group to an archive when the user/group in question is not synchronized automatically.
  1. Open the VAC (Vault Admin Console) as the Vault Service Account (VSA).
  2. Expand Archives > Exchange Mailbox.
  3. In the right-hand pane, select the user whose vault is to be accessed, right-click and select Properties.
  4. Click on the Permissions tab.
  5. Click on the Add button, select the user(s) and/or group(s) that should be able to view this vault, and click OK.

    Note: In cases where access to a separate Domain is necessary, due to how Enterprise Vault (EV) queries Active Directory, these other domains may not be able to be browsed.  Rather than selecting a user or group from the list, it is possible to specify the user or group manually in "Domainname\Username" format.
     
  6. On the Permissions page, Click on the newly added user(s).  (A list of permissions will show up at the bottom of the window).
  7. Click on the Grant check box under the Manually set field to grant access to the vault.

    Note: If desired, check and uncheck the boxes for "Read", "Write", and "Delete" to set specific permissions for the newly added user. For example, if the new user should only be able to view the vault, but not add to it or delete from it, then check the "Read" permission only and uncheck the "Write" and "Delete" permissions.
  8. When finished Click OK and the permissions will be set.

 

Synchronization
 
When changes are made to a mailbox Policy or Archive, it is recommended to synchronize these changes to the mailbox.  If not synchronized immediately, changes to the policy will not take effect until a synchronization is performed (12:00 am and 12:00 pm daily by default):

  1. Expand Enterprise Vault Servers > <EV server name> and select Tasks.
  2. In the right-hand pane, right-click on the "Exchange Archiving task for <Exchange server name>" and select Properties.
  3. Click on the Synchronization tab.
  4. Click on the All mailboxes radio button.

    Note: If affecting a single user's archive, click the "Selected mailboxes" radio button.  This will provide a new window when "Synchronize" is selected to filter or browse to the user(s) in question.
     
  5. Enable the three boxes for Archiving settings, Mailbox properties and permissions and Folder hierarchy and permissions.
  6. Click the Synchronize button.

    Notes:
       a.  The "Progress" area will state the synchronization has been queued.
       b.  Depending on the number of users in the environment, the synchronization can take time to complete.
       c.  When specifying individual users to Synchronize, a pop-up window will provide the progress of the synchronization.
       d.  When synchronizing "All mailboxes", the progress can be observed in Computer Management => Services and Applications => Message Queuing => Private Queues => <Enterprise Vault Mailbox Task for SERVERNAME> A6 Queue (for versions prior to 8.0) or A7 Queue (for version 8.0).

 

Further Details of MSMQ and each queue's responsibility can be found in the EV Administrator's Guide.

After synchronization is complete, it can be confirmed that the user has access to the designated archive by opening Archive Explorer as the user in question and observing that the granted archive is available to be browsed.  

Note: A manual refresh of the page may be necessary for Archive Explorer to display an updated page.

 

 
