Enterprise Vault™ Auditing

Retrieving audited changes to archive permissions in a user-friendly format

An administrator can change the manual permissions on an archive using the Permissions tab on the Archive properties, or using the Enterprise Vault Policy Manager (EVPM) utility. In audit database entries, changes to manual archive access permissions are shown as Security Descriptor Definition Language (SDDL) strings for Windows permissions, and XML for Domino permissions. An example PowerShell script, ExampleEvPermissionsAuditHelper.ps1, is included in Enterprise Vault to show you how you can convert these strings to an array of permissions in a more user-friendly format. The following information is included in the script output:

The example script is located in the folder, Enterprise Vault_installation\Auditing. You can run the script on your audit database, or modify it to use as part of your audit database processing. The Enterprise Vault Management Shell is not required to run this script.

The comments in the example script explain what the script does, the permissions needed to run the script, and the limitations of this example. You need to change values in the script for your environment.

The permissions available in the Archive properties dialog box and in EVPM are Read, Write, and Delete. These permissions equate to more granular permissions in audit database entries. Table: Mapping of available permissions to permissions output by script shows the mapping between the permissions that are available to administrators, and the underlying permissions that are displayed in the audit database entries that are output by the example script.