Description
It is often necessary to customize pre-defined roles so that one or more users have sufficient permissions for the day-to-day administration of part of the Enterprise Vault (EV) implementation, while being restricted from accessing or managing other parts of it.
Please note: the steps below show how to modify the pre-defined role "Exchange Administrator" so that a user assigned this role can only administer Exchange Mailbox Archives. The principle is the same for other roles: to modify a different role, start from Step 2 and search for the relevant role. Then copy the task link and search the file to find which permission it is assigned to.
1. Download the EvAzStore.xml file by following these instructions:
In the Enterprise Vault Management Shell, type Get-EVRBAAzStoreXml
as shown in the screen shot below, replacing the path at the FolderPath: prompt to specify where to save the file:
2. Edit the .xml file in any text editor by doing the following:
2.1. Find the part Name="Exchange Administrator" Description="Responsible for day-to-day administration of Exchange archiving" BizRuleImportedPath="" RoleDefinition="True">
2.2. Then remove all the <task link>...</task link> lines except the ones that are needed. In the listing below, the needed lines are highlighted:
These are "Can Administer Enterprise Vault" (which gives permission to use the administration console) and "Can Administer Exchange Mailbox Archives" (which gives access to Exchange Mailbox archives):
3. Save the changes in the .xml file
4. In the Enterprise Vault PowerShell window, enter the following command and supply the file path when prompted, as shown in the screen shot below, replacing the path in the screen shot with the actual file location. This loads the changes back into the EV library:
Set-EVRBAAzStoreXml
5. Ensure that the user for whom these permissions have been granted is a member of the local Administrators group of the EV server.
6. Use this Enterprise Vault PowerShell command to assign the role to the user, replacing "user3" with the user getting the role:
Add-EVRBARoleMember -Identity "Exchange Administrator" -Members "tuser3"
7. Log in to the EV server with the user's credentials to check that the permissions are working as described. The following screen shot is a representation of what should be seen.
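To check the edit from step 2.2 before importing the file in step 4, the role's remaining task links can be resolved to task names and compared with the two tasks it is meant to keep. This is an added example, not part of the original article or vendor code. It assumes AzMan-style element and attribute names (AzTask, TaskLink, Guid), and the embedded XML, its GUIDs and the third task name are constructed sample data.

```powershell
# Added example. Assumed AzMan-style names: AzTask, TaskLink, Guid.
# Constructed sample store; GUIDs and the third task name are made up.
[xml]$sample = @'
<AzAdminManager>
  <AzApplication Name="SampleApp">
    <AzTask Guid="00000000-0000-0000-0000-000000000001" Name="Can Administer Enterprise Vault" />
    <AzTask Guid="00000000-0000-0000-0000-000000000002" Name="Can Administer Exchange Mailbox Archives" />
    <AzTask Guid="00000000-0000-0000-0000-000000000003" Name="Constructed Extra Task" />
    <AzTask Guid="00000000-0000-0000-0000-0000000000AA" Name="Exchange Administrator" Description="Responsible for day-to-day administration of Exchange archiving" BizRuleImportedPath="" RoleDefinition="True">
      <TaskLink>00000000-0000-0000-0000-000000000001</TaskLink>
      <TaskLink>00000000-0000-0000-0000-000000000002</TaskLink>
      <TaskLink>00000000-0000-0000-0000-000000000003</TaskLink>
    </AzTask>
  </AzApplication>
</AzAdminManager>
'@

function Get-RoleTaskName {
    param([xml]$Store, [string]$RoleName)
    $tasks = @($Store.SelectNodes('//AzTask'))
    # Index every task by GUID (PowerShell hashtable keys are case-insensitive).
    $byGuid = @{}
    foreach ($t in $tasks) { $byGuid[$t.GetAttribute('Guid')] = $t.GetAttribute('Name') }
    # The role definition is the task flagged RoleDefinition="True" with this name.
    $role = $tasks | Where-Object {
        $_.GetAttribute('RoleDefinition') -eq 'True' -and $_.GetAttribute('Name') -eq $RoleName
    } | Select-Object -First 1
    if (-not $role) { throw "Role definition '$RoleName' not found" }
    foreach ($link in $role.SelectNodes('TaskLink')) {
        $guid = $link.InnerText.Trim()
        if ($byGuid.ContainsKey($guid)) { $byGuid[$guid] } else { "UNRESOLVED:$guid" }
    }
}

# Compare what the role grants against the two tasks it is meant to keep.
$wanted  = 'Can Administer Enterprise Vault', 'Can Administer Exchange Mailbox Archives'
$actual  = @(Get-RoleTaskName -Store $sample -RoleName 'Exchange Administrator')
$extra   = @($actual | Where-Object { $_ -notin $wanted })
$missing = @($wanted | Where-Object { $_ -notin $actual })
"Granted : $($actual -join '; ')"
"Extra   : $($extra -join '; ')"
"Missing : $($missing -join '; ')"
if ($extra.Count -or $missing.Count) { Write-Warning 'Role does not match the intended task set.' }
```

To run it against the real export, replace $sample with the parsed file, for example [xml](Get-Content -Raw <path to the edited file>), and keep an unmodified copy of the original export so the role can be restored.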