Arctera™ Insight Archiving : Cloudlink Administration Guide
- About this guide
- About CloudLink
- About CloudLink
- Synchronizing user accounts from Microsoft Active Directory
- Synchronizing user accounts from IBM Domino Directory
- Synchronizing user accounts from Google G Suite
- Configuring Insight Personal Archive web folders for Microsoft Exchange mailboxes
- Should I upgrade to CloudLink 4.1.x?
- CloudLink revision history
- About Exchange mailbox delegation synchronization
- Introduction to Exchange mailbox delegation synchronization
- About the effects of synchronized delegation permissions
- About the synchronization of delegation permissions with recurring tasks
- Requirements for delegation permissions synchronization
- Synchronizing the delegation permission for a user or a shared mailbox with delegates from different active directory domains
- System requirements for CloudLink
- Steps to set up CloudLink
- Installing or upgrading the CloudLink application
- Setting up CloudLink with Microsoft Exchange
- About setting up CloudLink with Microsoft Exchange
- Creating a CloudLink service account for an Exchange environment
- Configuring Exchange 2003 servers for CloudLink
- Configuring Exchange Server 2007, 2010, 2013, and 2016 servers for CloudLink
- Starting and closing the CloudLink application
- Configuring CloudLink for Microsoft Exchange
- Selecting the CloudLink configuration tasks for an Exchange environment
- Specifying the CloudLink service account
- Registering the domain controllers
- Registering the secondary domain controllers (Optional)
- Specifying the Management Console credentials
- Configuring the Active Directory properties to synchronize
- Configuring the additional Active Directory synchronization options
- Synchronizing additional email aliases from the Active Directory Extension attribute
- Configuring the SMTP server settings for email alerts
- Choosing the Exchange Server settings for web folder management
- Configuring the web folder properties
- Configuring report management and logging
- Configuring the welcome message template
- Disabling Insight Personal Archive login and archiving for accounts with disabled mailboxes
- Disabling Insight Personal Archive login and archiving for users who leave distribution groups that are targeted with Group-based Sync
- Reviewing or changing the CloudLink configuration
- Creating CloudLink tasks for Exchange
- About creating CloudLink tasks for Exchange
- Accessing Task Manager
- About the Task Manager Welcome page and the Archive User Browser in an Exchange environment
- Creating CloudLink tasks for Exchange
- Selecting the Active Directory users, groups, or OUs to perform a task
- About granting remote account management for CloudLink
- Selecting the actions for a task to perform in an Exchange environment
- Deselecting task actions for specific users or groups
- Configuring the web folder properties for a task
- Naming and scheduling a task
- Setting up CloudLink with Domino
- About setting up CloudLink with Domino
- Creating a CloudLink service account for a Domino environment
- Creating a Notes account for CloudLink and setting up Notes on the CloudLink server
- About configuring the Domino Global Domain Document
- Starting and closing the CloudLink application
- Configuring CloudLink for Domino
- Selecting the CloudLink configuration tasks for a Domino environment
- Specifying the CloudLink service account
- Specifying the Notes ID password
- Specifying the Management Console account credentials
- Configuring the Domino properties to synchronize
- Specifying the additional Domino synchronization options
- Configuring report management and logging
- Configuring the welcome message template
- Reviewing or changing the CloudLink configuration
- Creating CloudLink tasks for Domino
- About creating CloudLink tasks for Domino
- Accessing Task Manager
- About the Task Manager Welcome page and Archive User Browser in a Domino environment
- Creating CloudLink tasks for Domino
- Selecting the Domino view on which to perform the task
- Choosing whether to disable Insight Personal Archive access for users in Domino deny groups
- About granting remote account management for CloudLink
- Selecting the actions for a task to perform in a Domino environment
- Scheduling a task
- Reviewing the task parameters
- Monitoring and managing tasks and archive accounts
- Known issues and limitations
Requirements for delegation permissions synchronization
Table: Requirements for delegate permissions synchronization lists the conditions under which a CloudLink task considers a delegate for delegate permissions synchronization.
Table: Requirements for delegate permissions synchronization
Delegate type | Requirement for delegate permissions synchronization |
|---|---|
User | The user must have a pre-existing archive account. |
Mail-enabled security group | The synchronization task must target the group. |
Note that if the delegate type is a user, there is no requirement for the task to target the user, provided the user already has an archive account. Conversely, if the delegate type is a group, the task must target the group for the delegation permissions to be synchronized.
Table: Delegate access restrictions if a delegate has a deny permission and synchronization requirements are not met lists the restrictions on delegate access if the synchronization requirement is not met for a delegate with a Deny delegation permission.
Table: Delegate access restrictions if a delegate has a deny permission and synchronization requirements are not met
Delegate type with Deny permission | If this situation applies | Synchronization task takes this action | Result |
|---|---|---|---|
User | The user does not have a pre-existing archive account. | The task removes any existing synchronized delegate permissions for the delegated mailbox. | No-one has delegate access to the mailbox archive. |
Mail-enabled security group | The synchronization task does not target the group. | The task removes any existing synchronized delegate permissions for the delegated mailbox. | No-one has delegate access to the mailbox archive. |
Arctera Insight Archiving imposes these delegate access restrictions to ensure that users do not gain delegate access to archive accounts when a Deny delegation permission may have been set to prevent it.
Figure: Example: Mailbox with delegation permissions set for users and mail-enabled security groups shows a user mailbox or shared mailbox to which the Exchange administrator has assigned a number of mailbox delegation permissions.
In this example, the Exchange administrator has granted User A and members of Group 1 Full Access permission to the mailbox. In contrast, User B and members of Group 2 have been given Deny Full Access permission. Assuming that CloudLink has synchronized all of these delegation permissions, then User A and members of Group 1 have access to the delegated mailbox archive, subject to the precedence of any deny delegation permissions.
But suppose that User B does not have an archive account. Since User B has a deny delegation permission, the task removes any synchronized delegation permissions for the mailbox. No-one has delegate access to the mailbox archive.
Or suppose that Group 2 is not targeted by the synchronization task, or that it becomes no longer targeted by a recurring synchronization task. For example, the group could be moved to an organizational unit that is not within the scope of the task. The task removes any synchronized delegation permissions for the mailbox, so that no-one has delegate access to the mailbox archive.
More Information