Compliance
ArchiveWeb provides the ability to manage user access to archived files on a network share. Users must accept the security policy to be able to open archived files.
As an administrator or a user with the appropriate permissions, you can define a policy condition, agreement term, and reminder. You can define notification templates for Access Denied and Reminder messages and see a list of all users with the date of acceptance of conditions and status.
Users are notified by email when access to a protected archive file is denied and when the policy consent expires.
|
|
NOTE: Email notifications are sent only once. It is recommended that the administrator should send an email to all first-time users who are registered in ArchiveWeb to accept the policy agreement. |
In this topic:
·Granting compliance permissions to users
·Configuring compliance settings
·Accepting compliance agreements
A working SMTP server is needed to send notification emails to users. The SMTP server must be configured with the Archive Manager Configuration Tool.
1.Open the Archive Manager Configuration Tool from <installdir>\Program Files (x86)\Common Files\PAM\PAMConfig\PamConfig.exe.
2.From the feature panel on the left in the Configuration wizard, click Users.
3.Verify that the database and scripts are up to date.
4.Open the SMTP Configuration tab and set the properties as described below:
Server name - Name or IP address of the SMTP server
Port - SMTP server port
Use SSL - select the check box if the SMTP server requires an SSL connection
User name, Password - SMTP server credentials
Sender email - Email address of the sender
Number of retries - Number of times that the SMTP server will attempt to send the message
5.Click Apply and then close the window.
1.Open Archive Manager for Files
2.Connect to the Archive Manager for Files server
3.From the navigation panel, click Settings.
4.In the Other options section select the Activate compliance permissions check box and click Apply.
Granting compliance permissions to users
1.Log in to ArchiveWeb
2.From the main menu, click the username dropdown and then select Manage settings.
3.From the local toolbar, click Permissions.
4.Click 
5.Select the administrator and from the Permissions panel on the right, grant the following compliance permissions:
·Allow policy managed download
·Compliance management
6.Add more users and grant the Allow policy managed download to grant access to archived files. Grant Compliance management if the user requires management access.
7.All users must log out and log in again to refresh compliance settings in their session of ArchiveWeb.
1.Log in to ArchiveWeb
2.From the main menu, click Compliance.
3.From the navigation panel, select Agreements.
The columns are described below:
a.Username - Name of the user
b.Email address - email address of the user
c.Agreement date - date and time when the compliance policy was accepted.
d.Status - status of the compliance policy. the status value are as follows:
·Approved - User has confirmed their agreement to the policy.
·Rejected - User has declined the policy.
·New - Administrator has granted the Allow policy managed download permission, but the user has not yet accepted the policy agreement.
·Canceled - Administrator has changed the policy settings and canceled all user agreements.
·Expired - the policy term has ended.
e.Expiration date - Date and time when the compliance policy expires.
1.Log in to ArchiveWeb.
2.From the main menu, click Compliance.
3.From the navigation panel, select Templates.
4.In the top section, prepare the template for the Access Denied message in the template editor.
5.In the bottom section, prepare the template for the Reminder message in the template editor.
6.Click Save at the bottom right corner to commit any changes.
Configuring compliance settings
1. Log in to ArchiveWeb
2.From the main menu, click Compliance.
3.From the navigation panel, select Settings.
Configure the settings as described below:
a.Agreement term - Number of months during which the policy is active.
b.Remind user before expiration - Number of days before the policy expires when a reminder message will be sent to the user.
c.Policy - prepare the policy statement using the template editor.
4.Click Save at the bottom right corner to commit any changes.
5.In Cancel Agreement dialog click Yes to cancel all agreements with users. Users must accept the new policy agreement. Click No to change the policy for new users only (or when saving a policy for the first time).
Accepting compliance agreements
When users who have been granted the Allow policy managed download permission log in to ArchiveWeb, then will see the Policy Agreement page. Users must accept the Policy Agreement to work with protected archived files. This page is also available to users from the [User name] > Manage Settings > Profile > Policy Agreement page, if they want to accept the agreement at a later time.
1.Select the check box I agree
2.Click Save at the bottom right corner to commit any changes.
General Data Protection Regulation
ArchiveWeb now supports option to manage the new General Data Protection Regulation (GDPR) regulations. User can create a retention change request (for Exchange and/or Files items) via context menu. When the request is created, approver(s) get email notification and can review the request. User who created a request is informed via email notification once approver has processed the request. User (who has appropriate permission) can follow the requests in ArchiveWeb by clicking on Retention tab. User can see open, approved and denied requests and also the history.
Approver(s) except of these read-only functions (opened, approved, denied requests and history) have ability to export all items from request to ZIP file, denied the entire request and approve (all or selected) items from request.
To use all features of new Retention functionality the working SMTP server is needed, however to use Retention functionality the SMTP is not mandatory. The SMTP service is used to send notification emails to approver(s) and/or retention requester(s).
If youd like to use SMTP service (set SMTP server to use with ArchiveWeb) see the next section: Setting SMTP server under Archive Manager Configuration (PamConfig).
Archive Manager Configuration (PamConfig)
·First, configuration has to be done outside of ArchiveWeb. Open Archive Manager Configuration Tool from <installdir>\ Program Files (x86) \ Common Files \ PAM \ PAMConfig \ PamConfig.exe.
1.Click on Users tab.
2.Make sure that database and scripts are up to date.
3.Click on Users tab / SMTP configuration tab and set the required settings
oServer name specify SMTP server name or IP address where the SMTP server is installed
oPort specify the SMTP port
oUse SSL check this button if the SMTP requires SSL connection
oUser name, Password specify SMTP credential
oSender email specify email address which will be used to hand-shake with the SMTP
oNumber of retries specify number of retries the SMTP will try to send the message
ArchiveWeb
Permissions
New Retention permissions have been added to ArchiveWeb:
|
Permission |
Default value |
Meaning |
|
Approve retention change requests |
Denied |
Allows to approve or denied the retention change request and export items |
|
Create retention change request |
Denied |
Allow to create a new retention change request and to display Retention tab at the top of the navigation bar with ability to list open, approved, denied requests and history. |
Archive tab Exchange
User who has at least Create retention change request permission will be able to create a retention change request from the context-menu for selected item(s).
For single item in a preview pane, click on [ ] action menu and select Create retention change request option
For multi selected items from context-menu select Create retention change request option
In both cases the following pop-up window will appear:
·Task name name for retention change request
·Delete request select to create a delete request
·Set retention time to select to set a new retention time in months. The purpose for this option is create a retention change request to decrease retention time
·Delete items after the retention expires by selecting this option the expired items will be automatically deleted
·Reason for request description of request
By clicking on Send request the retention change request will be submitted for approval. Newly created retention change request will appear in Open and History grids in Retention tab.
NOTE: Only items which have no Legal hold flag set will be added to retention change request.
When the SMTP is correctly set, notification email will be send for user(s) who have Approve retention change requests permission set.
Example of notification email:
Archive tab Files
User who has at least Create retention change request permission will be able to create a retention change request from the context-menu for selected item(s).
For single item in a preview pane, click on [ ] action menu and select Create retention change request option.
For multi selected items from context-menu select Create retention change request option.
In both cases the following pop-up window will appear:
·Task name name for retention change request
·Delete request select to create a delete request
·Set retention time to select to set a new retention time via calendar. The purpose for this option is create a retention change request to decrease retention time
·Delete items after the retention expires by selecting this option the expired items will be automatically deleted
·Reason for request description of request
By clicking on Send request the retention change request will be submitted for approval. Newly created retention change request will appear in Open and History grids in Retention tab.
NOTE: Only items which have no Legal hold flag set will be added to retention change request.
When the SMTP is correctly set, notification email will be send for user(s) who have Approve retention change requests permission set.
Retention tab
This menu option is available to user who has at least Create retention change request permission set. The user can see list of open, approved, denied requests and history.
|
Column |
Meaning |
|
Task name |
Retention change request task name |
|
Request type |
Request type: Change retention request request to decrease retention time Delete request request to delete item |
|
Requested retention |
Contains retention time requested in Change retention request task; for Delete request this column is empty |
|
Automatic Deletion |
Informs if the option "Delete items after the retention expires" is activated for the given item |
|
Submitted by |
Name of the user who submitted the request |
|
Date created |
Date-time when the request was submitted |
|
Processed by |
Name of the user who approved/denied the request |
|
Date processed |
Date-time when the request was approved/denied |
|
Submitted items |
Number of items in submitted request |
|
Status |
Request tasks status |
|
Reason |
Approve/Denied reason |
|
Reason for request |
Reason the submitter entered |
OPEN REQUESTS
When a user has Approve retention change requests permission, it means the user is an approver and has permission to Approve, Denied or Export request items. In this case when the OPEN REQUESTS tab contains any request, after clicking on a request in a grid, the item list grid should look like (double-click on item in the list grid will invoke item preview in a pop-up window):
·Approve selected selected items will be prepared for approval process. After the approver confirms the following dialog, the items will be asynchronously processed
If the SMTP is correctly set the submitter will be informed via email, example of notification email
·Deny all all items (no selecting is required) will be prepared for deny process. After the approver confirms the following dialog, all items will be denied, no operation from retention change request will be processed and if the SMTP is correctly set the submitter will be informed via email
·Export all all items will be exported to ZIP file. There is option to encrypt the output ZIP file with a password
APPROVED REQUESTS
Grid contains list of approved requests
DENIED REQUESTS
Grid contains list of denied requests
HISTORY
Grid contains list of requests (open, approved and denied). For approved and denied requests after clicking on a request in a grid, items grid will contain list of items (double-click on item in the list grid will invoke item preview in a pop-up window)
The list grid contains processed and waiting filters.
|
Column |
Meaning |
|
From |
For Exchange items senders name |
|
To |
For Exchange items recipient(s) names |
|
Subject |
For Exchange items items subject |
|
Folder |
For Files items folders name |
|
Name |
For Files items files name |
|
Approved |
Indicates whether the item was approved |
|
Error |
Contains error message, if any |
|
Warning |
Contains warning messages, if any |
·Processed contains list of processed items.
oFor Change retention request items with selected Approved column have been processed, retention time have been changed; if error occurred the Error column will contain a message
oFor Delete request items with selected Approved column have been processed by Delete job, item has been deleted; if error occurred the Error column will contain a message
·Waiting contains list of items waiting for processing.
oFor Delete request items with selected Approved column waiting for Delete job to process the items
ArchiveWeb Settings
As default, only the super-user specified in Archive Manager for Exchange or Archive Manager for Files (see note below) can access ArchiveWeb and all its functions. If another user/group should be able to manage roles, super-user can allow access for them in the following ways:
·in ArchiveWeb under logged on user / Manage settings / Permissions
·in Archive Manager for Exchange Administration Center on the Tools / Options / User Roles the given user has to be added with Modify roles option checked
·in the Archive Manager for Files Administration Center on the Settings / User management tab the given user must have the User management permission allowed
Please note: Super-user is specified in:
·Archive Manager for Exchange Administration Center / Tools / Options / User Roles)
or
·Archive Manager for Files (Enterprise Manager / Settings / User management)
Roles and Permissions pages allow permission management on user/group level. Individual users can inherit permission or can be granted direct permissions. The priority of permissions follows this order:
1.Direct permission defined for a user (blue highlight under Permissions) on a server
2.Global direct permission defined for a user (blue highlight under Permissions)
3.Inherited permission (yellow highlight under Permissions) on a server
4.Global inherited permission (yellow highlight under Permissions)
5.Default settings (no highlight under Permissions)
All defined permissions apply only for the given instance of ArchiveWeb.
On these pages you can allow or deny access to ArchiveWeb features and menu options for individual users or groups, i.e. allow or deny roles. Under Roles, users are assigned to roles. Under Permissions, roles are assigned to users.
Roles
To display the Roles page, click the logged-on user name in the right-upper corner. Select Manage settings from the drop-down menu, then click Roles on the grey sub-bar. In the left pane select the server for which the roles should apply. Now you can assign users/groups to ArchiveWeb roles in the main pane.
List of roles is split into sections Exchange Archive features are listed under Exchange roles, search features under Search roles etc. Select a role in the list view. All users/groups with access to ArchiveWeb allowed in the Enterprise Manager are displayed under the list view. In case the desired user is not visible, click the Find users and groups icon (
If you click the Delete icon (
NOTE: Users deleted in Active Directory but still existing in Archive Manager are displayed as strikethough.
To assign users/groups to roles:
1.In the left pane the Global option is selected by default; i.e. the configured settings apply to all Archive Servers (File Archive or Exchange Archive) in the environment. Should you wish to apply settings only for a specific server, click it in the left pane; e.g. if you want to allow Legal Hold only for one File Archive Server and not for others.
2.Select the desired role in the list of roles.
3.If the desired user/group does not appear among associated users under the list view, you can add it. Click the plus sign (
4.Check the users/groups you want to manage and click OK.
5.The selected users/groups are displayed in the main pane. Manage their roles by checking Allow / Deny.
IMPORTANT NOTE:
If UseGlobalPermissionsForAllServers key is set to TRUE or this key does not exist in web.config, the Roles page lists only Global setting. In this case roles for users are set globally, i.e. role set will be applicable to all servers.
Otherwise, if the UseGlobalPermissionsForAllServers is set to FALSE, all available servers will be listed and roles can be set on any server/location. Using this option can slower login process because all accessible servers/locations needs to be searched for roles.