Chat now with support
Chat with Support

Metalogix Archive Manager for Exchange 8.3 - ArchiveWeb Manual

Roles

To display the Roles page, click the logged-on user name in the right-upper corner. Select Manage settings from the drop-down menu, then click Roles on the grey sub-bar. In the left pane select the server for which the roles should apply. Now you can assign users/groups to ArchiveWeb roles in the main pane.

List of roles is split into sections – Exchange Archive features are listed under Exchange roles, search features under Search roles etc. Select a role in the list view. All users/groups with access to ArchiveWeb allowed in the Enterprise Manager are displayed under the list view. In case the desired user is not visible, click the Find users and groups icon (ARCHIV~1_img14) to add it to the list. Current status of user/groups in respect to the given role is marked by a check mark.

If you click the Delete icon (ARCHIV~1_img15) the user disappears from the list and will be assigned only the default roles.

NOTE: Users deleted in Active Directory but still existing in Archive Manager are displayed as strikethough.

 

clip0012

 

To assign users/groups to roles:

1.In the left pane the Global option is selected by default; i.e. the configured settings apply to all Archive Servers (File Archive or Exchange Archive) in the environment. Should you wish to apply settings only for a specific server, click it in the left pane; e.g. if you want to allow Legal Hold only for one File Archive Server and not for others.

2.Select the desired role in the list of roles.

3.If the desired user/group does not appear among associated users under the list view, you can add it. Click the plus sign (ARCHIV~1_img17) on the bottom. The Find users or groups pop-up dialog appears. In the Domain drop-down box select the domain in which you want to search. Then search for the user/group.

4.Check the users/groups you want to manage and click OK.

5.The selected users/groups are displayed in the main pane. Manage their roles by checking Allow / Deny.

 

IMPORTANT NOTE:

If UseGlobalPermissionsForAllServers key is set to TRUE or this key does not exist in web.config, the Roles page lists only Global setting. In this case roles for users are set globally, i.e. role set will be applicable to all servers.

Otherwise, if the UseGlobalPermissionsForAllServers is set to FALSE, all available servers will be listed and roles can be set on any server/location. Using this option can slower login process because all accessible servers/locations needs to be searched for roles.

Permissions

To display the Permissions page, click the logged-on user name in the right-upper corner. Select Manage settings from the drop-down menu, then click Permissions on the grey sub-bar. Now you can assign ArchiveWeb permissions to users/groups in the main pane.

Super-user has ability to control access list, i.e. who is allowed to log into ArchiveWeb. Super-user has to set user and/or group who has permission to log in ArchiveWeb. The affected permission is “Logon in ArchiveWeb” and can be set in Manage settings in Roles and/or Permissions sites:

Default permission is ALLOWED – user is allowed to log in ArchiveWeb.

Snap10

 

Users/groups which already have some roles assigned manually are listed on the right. Click the user/group to display and manage its roles in the right pane. List of roles in the right pane is split into sections - Exchange Archive features are listed under Exchange roles, search features under Search roles etc.

NOTE: Users deleted in Active Directory but still existing in Archive Manager are displayed as strikethough.

 

clip0013

To assign roles to users/groups:

1.Select the desired user on the right. If the user is not listed, click the Add user or group symbol (ARCHIV~1_img19) in the left pane.

2.In the Find users or groups pop-up dialog choose whether you’d like to search in Office 365 users or in Active Directory users.

To search in Office 365 users – check Office 365 user checkbox. User can be searched by user-name, logon-name or display-name. Asterisk (*) wildcard can be used.
Note: Office 365 users need to be previously imported via Archive Manager for Exchange.

Snap8

To search in Active Directory users – leave “Office 365 user” checkbox unchecked. Enter domain name and user/group name. Asterisk (*) wildcard can be used.

When fields are filled by clicking the Search button search in desired category is invoked.Select the desired users/groups in the search results and click OK.

3.The selected user/group appears in the left pane. Select the user/group to manage its ArchiveWeb permissions in the right pane.

4.List of roles on the right is split into sections. Exchange Archive features are listed under Exchange roles, search features under Search roles etc. Further, each role can be allowed/denied on global level or on individual archive server level. Permissions which are set manually are highlighted in blue. Inherited permissions are highlighted in yellow. (More information on permission hierarchy find at the beginning of this chapter.)

To remove users/groups:

1.Click the Remove users or groups symbol (clip0055) in the left pane.

2.In the Remove users or groups pop-up dialog select users or groups you’d like to remove.

3.Click OK.

 

Allow all (ARCHIV~1_img17) and Deny all (ARCHIV~1_img21) roles buttons on the bottom of the page can allow/deny all global roles for a user. To add user/group to the list, click the Find users or groups icon (ARCHIV~1_img14). Click the Reset to default (ARCHIV~1_img23) symbol to reset all user permissions to default. For the list of default permissions see Addendum / List of default ArchiveWeb permissions.

 

List of default ArchiveWeb permissions

The table below lists default user’s ArchiveWeb permissions. They are managed under Roles and Permissions.


Role

Default value

Exchange

Set "Legal Hold" flag

Denied

Exchange

Show "Legal hold" flag

Denied

Exchange

Show lost data

Allowed

Exchange

Compare mailbox with archive

Allowed

Exchange

Apply tags

Allowed

Exchange

Add comments to mails

Denied

Exchange

Show comments

Denied

Exchange

Delete item

Denied

Exchange

Restore items

Denied

Exchange

Show own mailbox

Allowed

Exchange

Show shared mailbox

Allowed

Exchange

Show public folders

Allowed

 

 

 

File

Set "Legal Hold" flag

Denied

File

Show "Legal hold" flag

Denied

File

Apply tags

Allowed

File

Compare file system with archive

Denied

File

Find files without shortcut

Denied

File

Add comments to files

Denied

File

Show comments

Denied

File

Delete files

Denied

File

Restore files

Denied

File

Show files server

Allowed

 

 

 

Journaling

Access journal

Denied

 

 

 

Search

Search mails

Allowed

Search

Search files

Allowed

Search

Save search result to database

Allowed

Search

Export to mailbox

Denied

Search

Export to PST

Denied

Search

Export to ZIP

Denied

Search

Delete saved result

Allowed

 

 

 

Statistics

Mails - Show statistics

Denied

Statistics

Files - Show statistics

Denied

Statistics

Export statistics

Allowed

 

 

 

Management

Extend retention time

Denied

Management

Configure Files servers

Denied

Management

File management

Denied

Management

Manage scheduler

Denied

Management

Search servers management

Allowed

Management

Logon in ArchiveWeb

Allowed

 

 

 

Auditing

Show auditing logs

Denied

Auditing

Export auditing logs

Denied

Auditing

Apply tags

Denied

Auditing

Access all mailboxes

Denied

Auditing

Export results to ZIP

Denied

Auditing

Auditor access

Denied

 

 

 

Retention

Approve retention change requests

Denied

Retention

Create retention change request

Denied

 

Auditor Access

Journals in Exchange Server are used to enforce legal, regulatory, and organizational compliance in organizations by recording all or targeted email messages. In addition to journals, mailbox audit logs are also used to track who logs on to the mailboxes in your organization and what actions are taken by delegate users.

Auditor Access grants users the ability to view all mailbox journals that are imported, audit logs, retentions and search. Use this powerful feature with discretion.

To use this feature you must grant Auditor access permissions to at least two users. The two-user authentication mechanism works as follows: If John wants to log in as an auditor, he must have the Auditor access permission, and he must able to specify the user name of another user who has the Auditor access permission, before he can successfully log in as an auditor.

Steps to grant the Auditor access permission to a user

1.Log in to Metalogix Archive Manager ArchiveWeb with the credentials of a user who has the ability to grant permissions to other users.

auditor-access-step-1

2.From your account name drop down, select Manage Settings.

3.Select the Permissions tab.

4.Click the Add User icon and locate the user from the Find Users or Groups search window.

5.Select the user from the user list on the left to display the permission set in the right-hand pane.

6.Select the check box for Auditor access.

info

NOTE: No user is granted this permission by default. As a result auditor access is denied to all users including the super-user.

auditor-access-step-2

7.In the confirmation dialog that appears, click Yes to grant the Auditor access permission.

info

NOTE: Granting the Auditor access permission automatically grants all permissions of type Auditing.

auditor-access-step-3

8.Repeat the above steps to grant the Auditor access permission to at least one or more users as needed.

Steps to log in as an auditor

1.If you have the Auditor access permission, enter your user name and password in the ArchiveWeb log in page.

2.Toggle the Auditor access button to turn on the feature. Notice that the user name field label changes to Auditor 1 user name. This is the account that will be used to log in as an auditor.

3.Click sign in. The Auditor 2 user name field appears.

auditor-access-step-4

4.Enter the user name of another user who has the Auditor access permission.

5.Click sign in again.

6.If the two-user authentication succeeds, the Metalogix Archive Manager workspace appears.

7.From the top bar, click archive to open the archive view.

8.Click the Exchange tab.

9.Expand the Mailboxes node and select a journal to view its contents.

auditor-access-step-5

info

NOTE: If you have added a journal mailbox but cannot see its contents, check the Mailbox type property of the mailbox.

To specify a journal type mailbox follow the steps below:

1.Select the journal mailbox, and right-click to open the context menu

2.From the context menu select Properties to open the Properties window.

3.In the General tab, locate the Mailbox type property.

4.Set this value to Journal by selecting the value from the drop down.

5.Click OK to confirm the change and return to the mailbox.

auditor-access-step-6

 

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating