Enterprise Vault Compliance Accelerator and Discovery Accelerator Accounts and Permissions

Article:TECH200788  |  Created: 2012-12-12  |  Updated: 2012-12-12  |  Article URL http://www.symantec.com/docs/TECH200788
Article Type
Technical Solution

Product(s)

Issue



This article describes the various permissions that are required when using the Enterprise Vault Compliance Accelerator (CA) and Discovery Accelerator (DA) products. The requirements here are in addition to those required by the core Enterprise Vault product, and which are described in the companion article TECH76700. As some accounts are feature-specific, not every environment will make use of every account and permission listed here. Rather, this article is meant as a reference to double check when troubleshooting permissions-related errors in the Accelerator products.


Solution



Select from the sections below to view their details.
 


Requirements for CA/DA
 

Note: These are requirements that CA and DA have in common. These requirements must be satisfied in any environment where either CA or DA is in use, or where both are in use.

Requirements

The Vault Service Account's (VSA) requirements in Microsoft SQL Server Reporting Services

  • The VSA requires a System Administrator role on the SQL reporting server (instructions).
     
  • The VSA requires a Content Manager role on the Home folder of the SQL reporting server (instructions).
Permissions on the Windows and ASP.NET temp folders
  • The Authenticated Users group must have Full Control permissions on both the Windows temp folder and the ASP.NET temp folder (instructions).
     
  • This allows users to access the products' web sites, such as the Accelerator Manager site.

 

Requirements for DA Analytics


Requirements
:


The VSA's requirements in SQL Server

  • The VSA requires the following rights on the msdb system database (instructions):
     
  • Select permissions on the sysjobhistory, sysjobs, sysjobschedules, sysjobservers, sysjobsteps, and sysschedules tables
     
  • Execute permissions on the sp_add_category, sp_add_job_, sp_add_jobschedule, sp_add_jobserver, and sp_add_jobstep stored procedures
 
 
Requirements for DA Custodian Manager
 
Note: In most cases, the VSA and the Custodian Manager synchronization account are one and the same.

Requirements:
 
The Custodian Manager synchronization account's requirements in Active Directory
  • The Custodian Manager synchronization account must be delegated the following common tasks (instructions):
     
  • Read all user information
     
  • Read all inetOrgPerson information

  • The Custodian Manager synchronization account must have the following permissions on the Deleted Objects container (instructions):
     
  • List Content
  • Read Property

 





Article URL http://www.symantec.com/docs/TECH200788


Terms of use for this information are found in Legal Notices