Export (0) Print
Expand All

Assigning Archive Roles and Permissions to Users

 

Topic Last Modified: 2011-10-06

In addition to using the administrator permission, which provides full control over all Administration Center settings, EHA supports additional permissions that provide access to specific groups of archive administration functions.

The following table summarizes the Administration Center archive-related roles.

 

Role Permissions

Administrator

The administrator has full access to all service settings and can do the following:

  • Manage all company settings and properties.

  • Manage all domains (create, modify, and delete).

  • View audit trail information.

  • Manage all user account information (create, modify, and delete). To import users from a CSV file, permission must be granted at the company level.

  • Assign FOPE and EHA permissions and roles.

  • Manage the directory synchronization tool (DST). Permissions must be granted at the company level.

  • Create and run reports.

  • Subscribe to RSS feeds.

  • Manage spam filtering and policy filtering settings for all user accounts.

  • View all quarantined email for all users.

Administrator (read-only)

The read-only administrator role has access to company and domain settings and can do the following:

  • View all company settings and properties.

  • View all domain settings.

  • View audit trail information.

  • View all user account information.

  • Create and run reports.

  • Subscribe to RSS feeds.

  • Run a message trace.

Reporting user

The reporting user has access to reporting features and can do the following:

  • Create and run reports.

  • Trace messages.

Account manager

The account manager has access to user account management features and can do the following:

  • View all company settings and properties.

  • View all domain settings.

  • Manage all user account information (create, modify, and delete). To import users from a CSV file, the permission must be granted at the company level.

  • Manage the DST. Permission must be granted at the company level.

NoteNote:
This role cannot change passwords for administrators.

Quarantine administrator

The quarantine administrator has access to spam-quarantined and policy-quarantined messages, and can view all quarantined email for all users.

Archive relationship administrator

The archive relationship administrator can view and modify user relationships for hosted archive users.

Archive retention administrator

The archive retention administrator can view and modify retention policy settings for the hosted archive service.

Archive roles administrator

The archive roles administrator can view and modify user roles for EHA Archive Viewer users, and can create custom user roles for the Archive Viewer users.

Archive compliance administrator

The archive compliance administrator can view and modify compliance-related settings in the Administration Center.

The level of access a user has is governed by the roles that are assigned to him. Users can be assigned multiple roles, and each role can be assigned to multiple users. EHA provides 11 standard roles, which are described in the following table. A user must be assigned the worker role to log on to the viewer.

 

Archive Role Permissions

Compliance manager

A compliance manager can view all user messages and use all Archive Viewer functions.

Compliance officer

A compliance officer is similar to a supervisor, but can resolve all escalated messages.

Compliance operator

A compliance operator has most of the rights of the compliance manager, but cannot view contents of messages other than his own or messages shared with him.

Disaster recovery manager

A disaster recovery manager can view and restore her own messages, send emergency notifications, and run some disaster discovery related reports. In order for a disaster recovery manager to restore all messages, a custom role must be set up that explicitly allows the disaster recovery manager to view and export other users' messages.

External compliance auditor

An external compliance auditor can access the Discovery tab in the Archive Viewer.

Human resources manager

A human resources manager can view her own messages and messages shared with her; she can also view her own folders and folders shared with her.

Monitor

A monitor is an external individual who has access to folders and messages specifically shared with him.

Supervisor

A supervisor can view and review messages of assigned subordinates; supervisor can also annotate and escalate messages for further review.

Technical administrator

A technical administrator can run most reports, in addition to having access to his own messages.

Worker

A worker can view and search their own messages, send and receive messages, restore his own messages, create folders for his messages, and export his messages.

You can view the predefined permissions that make up the roles by clicking on the Administration tab, and then clicking on the Company tab.

To assign archive roles and permissions to user accounts
  1. In the Administration Center, click the Administration tab, and then click the Users tab.

  2. Select the check boxes next to the user accounts that you want to assign archive roles to, and then click Assign Archive Permissions.

  3. In the Edit Archive Role Settings dialog box, select the archive roles that you want to grant to the selected users, and then click Save.

In addition to the standard roles, you can create custom roles. Any standard role can be used as a template for a custom role, with specific permissions added or removed. The following table summarizes the permissions that are available for custom roles.

 

Permission Description

Customer extended

The user can access domain and detailed customer information.

Customer limited

The user can view alert messages.

Customer report

The user can view system statistics and audit event reports.

Customer review

The user can view attorney-client privileges, policy-based exclusions, and dictionaries.

Folder extended

The user can share or stop sharing the user's own folder.

Folder limited

The user can view and add messages to the user's own folders or folders shared to them (presented in the Messages pane under My Folders and Other's Folders).

Message all

The user can search, view, export, restore, annotate, and copy any and all messages in the customer archive (presented in the Discovery pane under All Messages).

Message all handle escalation

The user can search, view, export, restore, annotate, copy, and handle review escalations for any and all escalated messages in the customer archive (presented in the Review pane under Escalations).

Message all report

The user can view SEC17a-4, activity summary, email summary, archive summary, attachment summary, daily statistics, and destruction reports.

Message all review

The user can search, view, export, restore, review, annotate, and copy any messages subject to compliance review in the customer archive (presented in the Review pane under Review).

Message all review report

The user can view the Supervisory Review Evidentiary report.

Message handle escalation

The user can search, view, export, restore, annotate, copy, and handle review escalations for subordinates (presented in the Review pane under Escalations).

Message individual

The user can search, view, export, restore, annotate, and copy the user's own messages (presented in the Messages pane).

Message review

The user can search, view, export, restore, review, annotate, copy, and update review messages for subordinates (presented in the Review pane under Review).

Message shared limited

The user can view, export, restore, annotate, and copy messages in folders shared to them.

Message subordinate

The user can search, view, export, restore, annotate, and copy messages for subordinates (presented in the Discovery pane under Monitor).

Notification email send

The user can send an emergency notification email message.

Relationship individual

The user can view user relationships as presented through a compliance search in the Review pane.

User all report

The user can view the employee roster and privileged roles reports.

User limited

The user can view the user's own details, in addition to other users' summary information (for example, as presented in people picker).

Viewer login

The user can log on using the Archive Viewer.

Customer data import

Not available in this release.

Customer retention report

Not available in this release.

Customer review report

Not available in this release.

Relationship all report

Not available in this release.

To create a custom role
  1. In the Administration Center, click the Administration tab, and then click the Company tab.

  2. In the Security pane, click Add next to Custom User Roles.

  3. In the Name field, type a name for the new role.

  4. In the Template section, click a previously defined role to use as a template.

  5. In the Permissions section, select or deselect individual permissions for the new role.

  6. When you are satisfied with the new role, click Save.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft