You can use the evpm script below for that (added some additional info below too)
[Directory]
DirectoryComputerName=enterprise vault directory server
SiteName=vault site name
[ArchivePermissions]
ArchiveName=ALL_MAILBOX
GrantAccess=read write delete, domain\username
Mandatory setting
ArchiveName
Mandatory. Specifies the name of the archive to which the permission settings will be applied.
If there are multiple folders with the same name and you specify a name, then Policy Manager modifies only the first one that it finds. In this case, you must use archive IDs to specify the archives.
Possible values:
The name of an archive
An archive ID
ALL (Permissions will be applied to all journal, shared, and mailbox archives in the specified Vault Site)
ALL_JOURNAL (Permissions will be applied to all journal archives)
ALL_SHARED (Permissions will be applied to all shared archives)
ALL_MAILBOX (Permissions will be applied to all mailbox archives)