Enterprise Vault Compliance Accelerator and Discovery Accelerator Accounts and Permissions

  • Modified Date:
  • Article ID:000087311


This article describes the various permissions that are required when using the Enterprise Vault Compliance Accelerator (CA) and Discovery Accelerator (DA) products. The requirements here are in addition to those required by the core Enterprise Vault product, and which are described in the companion article 000040861. As some accounts are feature-specific, not every environment will make use of every account and permission listed here.  Rather, this article is meant as a reference to double check when troubleshooting permissions-related errors in the Accelerator products.


Select from the sections below to view their details.

Requirements for CA/DA 

Note: These are requirements that CA and DA have in common. These requirements must be satisfied in any environment where either CA or DA is in use, or where both are in use.


The Vault Service Account's (VSA) requirements in Microsoft SQL Server Reporting Services

  • The VSA requires a System Administrator role on the SQL reporting server (instructions).
  • The VSA requires a Content Manager role on the Home folder of the SQL reporting server (instructions).
Permissions on the Windows and ASP.NET temp folders
  • The Authenticated Users group must have Full Control permissions on both the Windows temp folder and the ASP.NET temp folder (instructions).
  • This allows users to access the products' web sites, such as the Accelerator Manager site.


Requirements for DA Analytics


The VSA's requirements in SQL Server

  • The VSA requires the following rights on the msdb system database (instructions):
  • Select permissions on the sysjobhistory, sysjobs, sysjobschedules, sysjobservers, sysjobsteps, and sysschedules tables
  • Execute permissions on the sp_add_category, sp_add_job_, sp_add_jobschedule, sp_add_jobserver, and sp_add_jobstep stored procedures
Requirements for DA Custodian Manager
Note: In most cases, the VSA and the Custodian Manager synchronization account are one and the same.

The Custodian Manager synchronization account's requirements in Active Directory
  • The Custodian Manager synchronization account must be delegated the following common tasks (instructions):
  • Read all user information
  • Read all inetOrgPerson information
  • The Custodian Manager synchronization account must have the following permissions on the Deleted Objects container (instructions):
  • List Content
  • Read Property

Terms of use for this information are found in Legal Notices.



Did this article answer your question or resolve your issue?


Did this article save you the trouble of contacting technical support?


How can we make this article more helpful?

Email Address (Optional)