
Archive Permission

Created: 30 Oct 2013 • Updated: 30 Nov 2013 | 9 comments
This issue has been solved. See solution.

I need to find permissions that were added to an archive via the EV management console. I have over 20k archives, so using permissionbrowser.exe is not an option. Does anyone have a utility or SQL script that can help me out?


GabeV's picture

Hello Donnal,

Unfortunately, the archive permissions are encrypted in the Enterprise Vault Directory database in binary format. Even if you can read the permissions using a SQL query, you won't be able to determine what user has permissions over the archive. There is another thread where this issue was discussed before; I'll try to find the link.

“Success is not final, failure is not fatal: it is the courage to continue that counts.”–Winston Churchill

GabeV's picture

Here is the link

https://www-secure.symantec.com/connect/forums/sql...

I hope this helps.

“Success is not final, failure is not fatal: it is the courage to continue that counts.”–Winston Churchill

EV_Ajay's picture

Hi Donnal,

Please try the following SQL script:

Use EnterpriseVaultDirectory

Select AA.ArchiveName, RT.VaultEntryId AS ArchiveID, AC.ACEType AS PermissionType, TT.SID
from Archive AA
Inner join ACE AC
    ON AA.RootIdentity = AC.RootIdentity
Inner join Trustee TT
    ON TT.TrusteeIdentity = AC.TrusteeIdentity
Inner join Root RT
    ON RT.RootIdentity = AA.RootIdentity

-- Archives that don't have permissions will not appear in this list. PermissionType '0' means the archive has only automatic permissions, 1 means only manual permissions via the VAC (in case of shared/fileserver/PF), 2 means it has a combination of automatic/manual permissions.

-- It will also not give granular information such as the permission level (read/write/delete) or Deny/Allow.

-- These SIDs can be taken into an Excel sheet, and you may need to run another PowerShell/AD script to get the user/group associated with each SID and then compare (you need to do some research on Google to find an easy way to get the SID with user/group).

Thanks,

Ajay

SOLUTION
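
One way to do the SID-to-account step mentioned in the answer above, as an added example that is not code from any poster in this thread. It assumes the SID column holds string-form SIDs (S-1-...) and that it runs on a Windows machine able to resolve the domain's SIDs; the sample rows and archive IDs are constructed placeholders.

```powershell
# Constructed sample rows standing in for the query result. In practice, export
# the result set to CSV and load it with Import-Csv (columns as in the SELECT).
$rows = @'
ArchiveName,ArchiveID,PermissionType,SID
Finance Share,ARCHIVE-ID-PLACEHOLDER-1,1,S-1-5-32-544
HR Public Folder,ARCHIVE-ID-PLACEHOLDER-2,2,S-1-1-0
Old Project,ARCHIVE-ID-PLACEHOLDER-3,1,S-1-5-21-1111111111-2222222222-3333333333-1105
'@ | ConvertFrom-Csv

# PermissionType meanings as given in the comments of the SQL script above.
$typeLabel = @{ '0' = 'Automatic only'; '1' = 'Manual only'; '2' = 'Automatic + manual' }

# With 20k archives the same SIDs repeat often, so look each one up only once.
$cache = @{}

function Resolve-Sid {
    param([string]$Sid)
    if ($cache.ContainsKey($Sid)) { return $cache[$Sid] }
    try {
        $id   = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $name = $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # Malformed SID string, deleted account, or a domain that cannot be reached.
        $name = '<unresolved>'
    }
    $cache[$Sid] = $name
    return $name
}

$report = foreach ($r in $rows) {
    [pscustomobject]@{
        ArchiveName    = $r.ArchiveName
        ArchiveID      = $r.ArchiveID
        PermissionType = $typeLabel[[string]$r.PermissionType]
        SID            = $r.SID
        Account        = Resolve-Sid $r.SID
    }
}

# Rows whose SID no longer maps to an account are the ones to review first.
$unresolved = @($report | Where-Object { $_.Account -eq '<unresolved>' })
Write-Host ("{0} rows, {1} with unresolved SIDs" -f @($report).Count, $unresolved.Count)

$report | Sort-Object Account, ArchiveName | Format-Table -AutoSize
```

For the full data set, replace the final `Format-Table` with `Export-Csv -NoTypeInformation` so the result can be filtered in a spreadsheet.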
GabeV's picture

Is that the same post from this link?

https://www-secure.symantec.com/connect/forums/nee...

“Success is not final, failure is not fatal: it is the courage to continue that counts.”–Winston Churchill

EV_Ajay's picture

Hi Donnal,

Have you run the script? If you face any issue, please let me know.

Thanks,

Ajay

EV_Ajay's picture

Hi Donnal,

Have you got the required result?

Please let us know.

Thanks,

Ajay

Donnal Spence's picture

Yes, with this query and pulling all SIDs from AD I was able to get the information I needed. Thanks for your help with this.

EV_Ajay's picture

Hi Donnal,

Thanks for your reply.

Could you mark as solution the comment which helped you to solve your issue?

Thanks,

Ajay

EV_Ajay's picture

Hi,

Thanks for marking as solution.

Thanks,

Ajay