This article describes the various permissions that are required when using the Enterprise Vault Compliance Accelerator (CA) and Discovery Accelerator (DA) products. The requirements here are in addition to those required by the core Enterprise Vault product, and which are described in the companion article 000040861. As some accounts are feature-specific, not every environment will make use of every account and permission listed here. Rather, this article is meant as a reference to double check when troubleshooting permissions-related errors in the Accelerator products.
Select from the sections below to view their details.
Note: These are requirements that CA and DA have in common. These requirements must be satisfied in any environment where either CA or DA is in use, or where both are in use.
The Vault Service Account's (VSA) requirements in Microsoft SQL Server Reporting Services
- The VSA requires a System Administrator role on the SQL reporting server (instructions).
- The VSA requires a Content Manager role on the Home folder of the SQL reporting server (instructions).
- The Authenticated Users group must have Full Control permissions on both the Windows temp folder and the ASP.NET temp folder (instructions).
- This allows users to access the products' web sites, such as the Accelerator Manager site.
The VSA's requirements in SQL Server
- The VSA requires the following rights on the msdb system database (instructions):
- Select permissions on the sysjobhistory, sysjobs, sysjobschedules, sysjobservers, sysjobsteps, and sysschedules tables
- Execute permissions on the sp_add_category, sp_add_job_, sp_add_jobschedule, sp_add_jobserver, and sp_add_jobstep stored procedures
- The Custodian Manager synchronization account must be delegated the following common tasks (instructions):
- Read all user information
- Read all inetOrgPerson information
- The Custodian Manager synchronization account must have the following permissions on the Deleted Objects container (instructions):
- List Content
- Read Property