Chat now with support
サポートとのチャット

Archive Manager 5.7 - Administration Guide

Administration menu Authentication modes Data loaders Download tools Federated Search Instances Groups Index management Logins Security roles Storage location Message tags Proxy credentials Alert Service Policies Exclusion rules Mail servers Mailbox assignment Mailboxes Lync servers Lync user assignment Lync users Reports Message policies Message policy assignments Retention policies Tenants System maintenance Log Viewer Exchange Utility Administering in a hosted Exchange environment Appendix A: Moving database or attachment store Appendix B: Enabling generating publisher evidence

Add a security role

1
Select the Add a Security Role link to display the Add Security Role form.
3
Click Add to add the new security role to the system.

Edit a security role

Enter a value in the Security Role field and click Search.
2
Click Edit to the left of the security role name to display the Edit Security Role form for the selected role.

Revise the security role information as described in the following steps.

The specified security action is moved from the list of actions available to add to the list of actions currently loaded and associated with the security role.

2
Click Delete to the right of the security action. The Delete Security Action confirmation message is displayed.
3
Click OK to confirm the deletion. The selected security action is removed from the list of currently-loaded security actions associated with the security role and re-displayed in the list of security actions available to add.

Delete a security role

Entering a value in the Security Role field and clicking Search.
2
Click Delete to the left of the group name. The Delete Group confirmation message is displayed.
3
Click OK to confirm the deletion. The selected security role is deleted, and the Security Role Administration form is displayed.
NOTE: Alternatively, you can delete a security role by opening the Edit Security Role form (as described in the section Edit Security Role), clicking Delete, and confirming the deletion.

Security actions

Security actions grant permissions for specific actions. Each security role has actions assigned to it that define permissions for users assigned to that role. The following is a list of security actions in Archive Manager:

Add/Edit Custom Mailboxes: Removes the ability to see or access Custom Mailboxes, but the pane always remains in view.
Add Messages: Lets a user add new messages to Archive Manager by API.
Assign PST Migration Policy: A legacy action from a previous version of Archive Manager (for backward compatibility only).
Change Authentication Mode: Lets a user access the Administration section of Archive Manager and change whether users will sign in with Windows authentication or Forms authentication. It is recommended that this action be restricted to administrators only. Changing authentication modes requires some manual configuration of the Website through the IIS Manager. Please see the see the Authentication modes chapter.
Delegate Mailboxes: Allows users to delegate permissions to the mailboxes that they own. It is assigned to the Administrator security role by default.
Download Tools: Lets a user access the Administration section of Archive Man­ager and download any of the available tools. Many of these tools augment administrative functions of Archive Manager, and it is recommended that this action be restricted to administrators only.
Edit Alert Service Policies: Lets a user create, edit and delete alert service policies.
Edit Config Settings: Lets a user to create, edit and delete configuration settings.
Edit Data Loaders: Lets a user access the Administration section of Archive Manager with rights to add, edit, and delete the Data Loader configuration. It is recommended that this action be restricted to only administrators who understand the impacts of the Data Loader configuration.
Edit Exclusion Rules: Lets a user access the Administration section of Archive Manager, with rights to add, edit, and delete Exclusion Rules. Exclusion Rules are processed by the Data Loader and can be used to prevent certain types of content from entering the archive.
Edit Federated Search Instances: Lets a user access the Administration section or Archive Manager, with rights to add, edit, and delete the Federated Search Instance configuration. This configuration also lets Archive Manager search other instances. (This action does not let a user search other instances, which is controlled by the Search All Instances security action.)
Edit Groups: Lets a user access the Administration section of Archive Manager, with rights to review groups that have been populated by the Active Directory Connector. The user can also create, edit, and delete Groups for the DEFAULT domain, which is the Archive Manager Security domain.
Edit Legal Hold: Lets a user set and remove Legal Hold. To do this, the user must have the Archive Manager Retention Editor installed. The Legal Hold tab is used to put an immediate stop on the Retention engine while urgent policy change is evaluated.
Edit Logins: Lets a user access the Administration section of Archive manager, and review the Logins that have been populated by the Active Directory Connector. The user can also create, edit, and delete Logins for the DEFAULT domain, which is the Archive Manager Security Domain. In addition, the user can edit security roles, and access mailboxes for users populated by the Directory Connector. Users cannot change their own security roles, but if they have access to the Edit Security Roles action, they will be able to add or remove actions from their security roles.
Edit Lync Archiving: Lets a user access the Administration section of Archive Manager to edit, enable, or disable a Lync server, and edit and delete security roles. Users cannot delete security roles that are in use; a security role must be removed from all logins before it can be deleted.
Edit Mailboxes: Lets a user access the Administration section of the Archive Manager website, and review mailboxes that have been populated by the Active Directory Connector. The user can also create, edit and delete Custom Mailboxes, and can edit which logins can access mailboxes populated by the AD Connector.
Edit Message Policies: Lets a user access the Administration section of Archive Manager, and create, edit and delete message policies. Use caution in assigning this privilege, since editing existing message policies can change the operational parameters for the archive and may cause unwanted behavior such as the deletion of messages from the Exchange Mailbox Store. Users cannot delete message policies that are currently in use.
Edit Message Tags: Lets a user access the Administration section of Archive Manager, and create, edit and delete message tags. Users cannot delete tags that are in use.
Edit Proxy Credentials: Lets a user manage the proxy credentials for Office 365 or hosted Exchange mailboxes.
Edit PST Migration Policies: A legacy action from a previous version of Archive Manager (for backward compatibility only).
Edit Retention Policies: Lets a user create, edit and delete retention policies.
Edit Security Roles: Lets a user access the Administration section of Archive Manager, and create, edit and delete security roles. Users cannot delete security roles that are in use; a security role must be removed from all logins before it can be deleted. Use caution in assigning this privilege, since it controls your permissions within Archive Manager.
Export Email: Makes the Export button accessible on the right-hand side of the search interface. Since this export feature applies only to search results, the button is available only when a search has been completed. The Search Exporter must be installed on the workstation for this button to export the result.
Impersonate: This security action is used for performing a Federated Search. It assigns credentials for a user on the remote instance you wish to search. When configuring Federated Instances, the Impersonate security action must be applied to the Security Role containing the configured federated user.
Person Search: Allows access to the Person Search dialog box from the To/From Search tab and the Send Message window in the Website.
Reply and Forward: Makes the Reply, Forward, and Send To Me buttons available when viewing a message. These buttons appear only when enabled if the user has an SMTP email address listed in the login record.
Search All Emails: Makes the Search All Emails check box available in the Search section of the Archive Manager User Website. Since this privilege lets a user search all email in the Archive Manager store, it should be extended only to end users who need this level of control. By default, this action is assigned to the Administrator security role, but you should consider removing it from that role once the system is in production.
Search All Instances: Makes the Search All Instances check box available in the Search section of the Archive Manager User Website, which lets a user search all email in the Archive Manager store on federated instances. The federated instances are controlled by the administrator from the Administration Website. There is no option to restrict the user to a specific instance; this action allows a user to search all configured instances.
Set Message Tags: Lets a user see the Tags tab when viewing a message, and set any of the available tags on the message. It does not let the user create tags. Creating tags is handled by the Edit Message Tags action described above.
Storage Location: Lets a user to create, edit and delete storage location.
View Additional Documentation: Lets a user access the Documentation section of the Administration Website.
View BCC: Lets a user see the BCC infor­mation for a message when it is viewed through the Archive Manager Website.
View Config Settings: Lets a user view all configuration settings.
View Delegation: Produces a report that lets a user view the history of the hosted mailbox delegation.
View Message Access History: Displays an Access tab when viewing a message in the Archive Manager Website. The Access tab lists all users that have opened and viewed the message from the Archive Manager Website. This action is not assigned to users by default.
View Message Comments: Displays a Comments tab when viewing a message, which lets a user view and add comments to the message. Comments can be marked public or private. Public comments are visible to all users who have the View Message Comments action; private comments are visible only to the user who created them.
View Message Headers: Displays a Header tab when viewing a message, which lets a user see the MIME header of the message.
View Message Journal Report: When using Journaling, displays extended information such as Distribution List expansion and BCC recipient in addition to the Journal Report.
View Message Tags: Displays the Tags tab when viewing a message, which lets the user view tags that have been applied to the message. If users need to add or delete tags, they must also have the Set Message Tags security action.
View Report - Event Log: This report is no longer available. Use the Windows Event Viewer application to view the Archive Manager Event Log.
View Report - Mailbox Scan Status: Produces a report that lets a user view the latest status of the mailbox scanning.
View Report - My Search Log: Produces a report that lets a user view a history of his/her searches within Archive Manager. This action is disabled by default. It is specifically excluded from the Administrator Security Role since that security role has access to the View Report - Search Log security action, which provides the same level of access.
View Report - Search Log: Produces a report that lets a user view a history of either a specific user over a given time period, or all users over a given time period.
View Report - Security Breach: This report is no longer available. Assign access the Unauthorized Access report instead.
View Report - Viewed Messages: This report shows all messages opened by the user.
関連ドキュメント