cancel
Showing results for 
Search instead for 
Did you mean: 

Permissions for restore into mailbox from Enterprise Vault Search

Marcde
Moderator
Moderator
Partner    VIP    Accredited

Hello together, 

we are facing a problem with the restore into the mailbox from the Enterprise Vault Search and also from the old search applications with delegated access to the mailbox. 

Which permissions do we need to restore items from an archive to the original mailbox or to a selected folder?

We set the following permissions on ToiS: contributor and on inbox: editor.

When trying to restore from the search we get the error messsage that the restore failed. EV eventlog shows Event ID 2778, 5211 and 41480

ID 2278 "The error c0041801 occurred whilst calling the method CArchivingAgentQueue::RestoreItemV35"

ID 5211 "Failed to restore an item from the Web Application"

ID 41480 "The User domain\user attempted to restore following item(s) into mailbox user@domain.com - Restore Operation Status: 1 Failed SSIDs"

Dtrace shows: 

{CClientIdentity::CheckAccess:#738} User domain\user does not have permissions (Read) to Archive [Name = ArchiveName VaultId = <VaultID>]

-When setting read permissions in the vac the user with delegated access is able to restore items. 

-Synchronize folder permissions is set to on 

 

I found Technote http://www.veritas.com/docs/000016114 which states that the user will need Full Mailbox access to restore items. 

-I am a bit confused about this. 

-The above constellation was working with EV9 and is not working any longer with EV10 and 11 

-I was able to reproduce the "problem" in my lab with EV10 and EV11 and the permissions I mentioned above 

PMCS GmbH & Co. KG - A Serviceware Company
www.serviceware.de
1 ACCEPTED SOLUTION

Accepted Solutions

AndrewB
Moderator
Moderator
Partner    VIP    Accredited

based on the technote you found, it looks like Veritas changed the security requirements from version to version.

"User A requires explicit full mailbox rights to User B in order to run a restore of messages to the mailbox using Enterprise Vault restore methods. Note: Security has been tightened starting in 8.0 SP3 that the vault service account will no longer be able to restore items to anyone's mailbox by design. The restoring user now needs explicit rights to the destination mailbox and permissions to the archive from which the item is being restored."

View solution in original post

4 REPLIES 4

AndrewB
Moderator
Moderator
Partner    VIP    Accredited

based on the technote you found, it looks like Veritas changed the security requirements from version to version.

"User A requires explicit full mailbox rights to User B in order to run a restore of messages to the mailbox using Enterprise Vault restore methods. Note: Security has been tightened starting in 8.0 SP3 that the vault service account will no longer be able to restore items to anyone's mailbox by design. The restoring user now needs explicit rights to the destination mailbox and permissions to the archive from which the item is being restored."

Marcde
Moderator
Moderator
Partner    VIP    Accredited

thank you for your response and a happy new year! 

what confuses me is that in the mentioned technote it says that we need explicit full mailbox access to restore but we are able to restore items when only read permissions are set on the archive level. 

I am not able to find other documents which could clarify this behavior

PMCS GmbH & Co. KG - A Serviceware Company
www.serviceware.de

AndrewB
Moderator
Moderator
Partner    VIP    Accredited
i think we're saying the same thing because it's about writing to the mailbox, not writing to the archive and that's why you can do it with having read access to the archive.

Marcde
Moderator
Moderator
Partner    VIP    Accredited

sorry for asking again. 

I understand that but in this case we do not have full access rights to the mailbox - in the technote it says that we need this in order to restore items to the mailbox. 

 

Edit:

I got all the Information I needed. 

Thanks

PMCS GmbH & Co. KG - A Serviceware Company
www.serviceware.de