
Give EV8 user new archive and deny access to old one - Zap didn't work

Thehound
Level 3

Hello,

 

First time poster so please be gentle.

I have a request to remove access for 4 users to their current archive and assign them new archives; this is to do with a change in their job roles.

 

So following this post https://www-secure.symantec.com/connect/forums/how-restrict-access-enterprise-vault-users-own-mailbo...

I initially Zapped the mailboxes to remove the Inherited Permissions. But this didn't work. I repeated the steps to Zap the mailboxes and tried Synching and leaving it overnight and so on. Nothing was removing the Inherited Permissions for some reason. No errors in the EVPM window, it just created the MAPI session and appeared to be doing its thing. Nothing to indicate a problem anywhere that I know to look (Event Viewer really).

So after more research I found out it is possible to remove the permissions via SQL using the following (changed the company name)

use EnterpriseVaultDirectory
update archiveview
set autosecuritydesc = NULL
where vaultentryid = '1CB0BC547645285469BEAB2D8BD9C9C2121212-abc-vault'

 

This was good, the Inherited Permissions are now gone and access to the archives is now disabled for the users.

 

Users are removed from Provisioning Group. Access to old archive has explicit Deny for each user. A note has been added for audit purpose. So far so good.

 

So I then need to assign a new archive to each user, but when I go through the Wizard I can only select their existing archives. So I guess that there is still a link (probably within SQL) that matches that archive to that mailbox. Again I am guessing but this is going to be the SID for the user, or LegacyExchangeDN or something along those lines. I can't see anything obvious in the tables if I just "Select * from archiveView where vaultentryid = 'ID STRING ABOVE'"

 

So my question is how can I assign a brand new archive to these users? Which field in the database is responsible for matching the User Mailbox to the User Archive? I can't do anything at the Exchange/AD end as the users are busy working, my only option is to make changes in EV or SQL.

 

 

System is EV8.0.5 on Windows Server 2008. Archiving Exchange 2007 mailboxes. No journalling or anything clever, just plain simple mailbox data.

 

 

Many Thanks,

 

 

 

Accepted Solutions

Rob_Wilcox1
Level 6
Partner

I wouldn't go the database way, you can do this in the UI.

 

You would:

 

a/ Disable the users from archiving

b/ Remove the permissions from each archive in the VAC

c/ Enable the users for archiving, and opt to create a new archive at that point.

Working for cloudficient.com

Thehound
Level 3

Hi Rob,

 

Thanks very much, I had missed the completely obvious button labelled "Deselect Archive". You pointed me in the right direction.

 

All working well once more.

 

Cheers,