Enterprise Vault™ Auditing
- About this guide
- Introducing Enterprise Vault auditing
- Setting up auditing
- Viewing the audit database entries
- Auditing for data protection compliance
- Appendix A. Format of audit database entries
Preparing the user account for accessing the Enterprise Vault OData web service
To allow users to retrieve information from the auditing database using the OData web service, you need to configure the following:
Assign the user account to the role that has the "Can View Enterprise Vault Auditing OData datasets" operation.
Enterprise Vault includes an RBA operation called "Can View Enterprise Vault Auditing OData datasets" that allows access to the auditing database using the OData web service. Only users that are assigned to a role that has this operation can query the auditing database. Note that the Power Administrator role is assigned this operation by default.
Assign the user account to the EVODataAdminRole in the Enterprise Vault auditing database.
The SQL database role called EVODataAdminRole allows users access to the Enterprise Vault auditing database through the OData web service. When you add users to or remove users from a role that has the "Can ViewEnterprise Vault Auditing OData datasets" operation, Enterprise Vault automatically synchronizes the users to the EVODataAdminRole role.
Configure the Enterprise Vault server to be trusted for delegation.
This is necessary because the Enterprise Vault OData web service tries to connect to the auditing database by using the credentials of the user account that is accessing the web service. The database server which hosts the auditing database does not accept the credentials of the user account that is accessing the web service from the IIS server unless the IIS server is configured to be trusted for delegation. Refer to the Microsoft documentation for instructions on how to configure the server to be trusted for delegation.