Video Screencast Help

Where are EV admin roles defined in the directory database

Created: 23 Aug 2013 | 5 comments
Topper454's picture


I am trying to overcome the following error with the BE archiving option.

Access denied. User is not in a role that allows '(STO) Can Administer vault Stores and Partions'

This error appears in the EV event log when I attempt to create a vault store.

No vault stores have as yet been created.

Symantec tech note TECH182988 has been applied to no avail.

I have trawled through a "Real" EV directory database and can find no reference to the defnition of Roles.

The only reference to managing EV roles is through the VAC.

Does anyone know of a method of managing roles via registry / directory database?

Many Thanks


Operating Systems:

Comments 5 CommentsJump to latest comment

GabeV's picture

Hi topper,

I believe what you are looking for is the Authorization Manager. Do right click over the Directory in the VAC:


You can use Authorization Manager to assign the user account from BE to perform backups.

I hope this helps.

“Success is not final, failure is not fatal: it is the courage to continue that counts.”–Winston Churchill

Ben Watts's picture

Hi Topper,

No you cant really define roles via SQL, the way permissions are kept in SQL for EV, understandably is 'complex' and near impossible to use.

The Roles membership, as you mention above, is usually done via the Authorization Manager from within the VAC.

Which account are you trying to create a Vault Store with, is it the VSA or another?

Gabe beat me to it, as Gabe says, via the VAC.

GabeV's picture

Also, '(STO) Can Administer vault Stores and Partions' is considered an operation:


The Task 'EVT Manage Enterprise Vault Vault Stores' contains this operation:


So, you need to assign the Role 'Storage Administrator' to the account:


But, you can always assign just the operation or the task if you only want to assign ONLY a specific privilege to the user account.

I hope this helps.

“Success is not final, failure is not fatal: it is the courage to continue that counts.”–Winston Churchill

EdLacey's picture

Here's an article about the associated files -

Topper454's picture


Thanks to everyone for the rapid replys, especially as it is a Friday afternoonsmiley

As I said in the original message this is to do with Backup Exec Archiving option which is a cut down

"McDonalds happy meal" version of EV (everything is done in the background for you and it is very difficult to make any changes)

So basically the only way to modify the Roles is through the VAC via the Authorization Manager.

Looks like I will have to try and strip the archiving option off  the Backup Exec media server and start again.

Thanks again