Video Screencast Help

How to set Authorization Scope

Created: 04 Dec 2012 • Updated: 16 Dec 2012 | 6 comments
Peter_N's picture
This issue has been solved. See solution.

Hi,

i need to create a Enterprise Vault autorization group to permit multiple site admins to:

a) import psts to archives

b) which are in the vault store of their site only

Is it possible to scope the authorization definition to a Vault Store or Group of Users?

Has anyone built a working "import pst only" definition?

 

Thank you for any advice.

PS: All archives are on 1 EV Server in the HQ

 

Comments 6 CommentsJump to latest comment

TonySterling's picture

Sorry, but I don't think that will be possible based on your requirements.  I am bit confused by the request, what is the use case?

AndrewB's picture

there is a role called PST Administrator. have you tested it already? does that give too much?

i see a task for "EVT Import and Export Archives" but not one for just Import Archives.

Andy Becker | Authorized Symantec Consultant | Trace3 | Symantec National Partner | www.trace3.com

Peter_N's picture

 

Hi,

thank you for the response.

The use case is, my customer has a central IT department in Austria with centralised Exchange Server and Enterprise Vault Server. They have subsidiaries in Brazil, China, Denmark, etc. They want the local administrators of the subsideries to import the Users PST into the related Vault Store (which are separated by location).

e.g.: Brazil Admins to import local PSTs to Brazil Vault Store in Vienna

I know the "EVT Import and Export Archives" Role.

My customer has 2 problems with that:

They dont want that its possible for a subsidiary admin to export any vault data to PST, exept his own country.

So requirement is a role:

1) to only import data (mendatory)

2) to scope only on the Vault Store for the country (if possible)

 

I dont know if there is a different way to do this. We have the "locate, assign, import" process in place for the austria psts, because they can decide what psts to import for their own people.

 

regards

Peter

PS: sorry for my late answer. I didnt get a notification about pending replys, but only spam about every other threat that is new.

 

 

 

 

TonySterling's picture

Sorry, but you are not going to be able to limit the scope of the PST migration to certain PSTs to certain archives or by country. 

Perhaps enable auditing so you can track if someone does that??

SOLUTION
Peter_N's picture

Thanks again. I guess that should be a "arent".

At least it should be possible to build a new role to just import and not export.

Guess i need to work that out on my own.

 

regards

Peter

TonySterling's picture

Yep, sorry about that.  :)  I fixed it in the post so it makes sense.