08-23-2013 06:59 AM
Hi,
I am trying to overcome the following error with the BE archiving option.
Access denied. User is not in a role that allows '(STO) Can Administer vault Stores and Partions'
This error appears in the EV event log when I attempt to create a vault store.
No vault stores have as yet been created.
Symantec tech note TECH182988 has been applied to no avail.
I have trawled through a "Real" EV directory database and can find no reference to the defnition of Roles.
The only reference to managing EV roles is through the VAC.
Does anyone know of a method of managing roles via registry / directory database?
Many Thanks
Topper454
08-23-2013 07:09 AM
Hi topper,
I believe what you are looking for is the Authorization Manager. Do right click over the Directory in the VAC:
You can use Authorization Manager to assign the user account from BE to perform backups.
I hope this helps.
08-23-2013 07:12 AM
Hi Topper,
No you cant really define roles via SQL, the way permissions are kept in SQL for EV, understandably is 'complex' and near impossible to use.
The Roles membership, as you mention above, is usually done via the Authorization Manager from within the VAC.
Which account are you trying to create a Vault Store with, is it the VSA or another?
Gabe beat me to it, as Gabe says, via the VAC.
08-23-2013 07:20 AM
Also, '(STO) Can Administer vault Stores and Partions' is considered an operation:
The Task 'EVT Manage Enterprise Vault Vault Stores' contains this operation:
So, you need to assign the Role 'Storage Administrator' to the account:
But, you can always assign just the operation or the task if you only want to assign ONLY a specific privilege to the user account.
I hope this helps.
08-23-2013 07:22 AM
Here's an article about the associated files - http://www.symantec.com/docs/TECH130113
08-23-2013 07:29 AM
Hi
Thanks to everyone for the rapid replys, especially as it is a Friday afternoon
As I said in the original message this is to do with Backup Exec Archiving option which is a cut down
"McDonalds happy meal" version of EV (everything is done in the background for you and it is very difficult to make any changes)
So basically the only way to modify the Roles is through the VAC via the Authorization Manager.
Looks like I will have to try and strip the archiving option off the Backup Exec media server and start again.
Thanks again
Cheers
Topper