contentACCESS documentation – version 3.5

  1. Introduction to contentACCESS
    1. Services provided by contentACCESS
    2. Software requirements
  2. contentACCESS setup package
    1. Installation of contentACCESS
      1. EULA
      2. Installation type
      3. Components
      4. Prerequisites
      5. Base folder
      6. Service settings
      7. Database connection
      8. contentACCESS Central Administration
      9. contentACCESS Web Services (Proxy)
      10. contentWEB
      11. Central login
      12. Virtual drive
      13. Search service
      14. SMTP server
      15. Overview
      16. Installation
      17. Summary
  3. contentACCESS components
    1. contentACCESS Central Administration
      1. Central administration login
      2. contentACCESS Automated single sign on
      3. Central Administration logout
      4. contentACCESS Central Administration user interface
    2. contentWEB
      1. Logging in to contentWEB
      2. contentWEB Automated single sign on
    3. Virtual drive
    4. contentACCESS Web Services (Proxy)
    5. Central login page
  4. contentACCESS Tools
    1. Installing Outlook forms
    2. Legacy email archive connectors
    3. Legacy archive connector for Metalogix Archive Manager Exchange Edition (MAM EE)
    4. Legacy archive connector for Email Lifecycle Manager (ELM)
    5. Installing TECH-ARROW’s WinShortcutter
    6. contentACCESS Outlook add-in
      1. Installation of contentACCESS Outlook add-in
      2. How to use contentACCESS Outlook add-in
  5. Tenants in contentACCESS
    1. How to create a new tenant
    2. Tenant limitations
    3. How to provide access to a tenant (adding new tenant administrators)
    4. Tenant administrator invitation types
    5. Tenant associations
      1. Tenant - database association
      2. Tenant - user association
    6. Tenant deletion
  6. General system configurations
    1. Connection
    2. User interface
    3. Users in contentACCESS
    4. Invitations
    5. Roles
      1. Creating roles
      2. Role details
      3. Role assignment
      4. Defining specific permissions of a role assignment
      5. Editing roles, editing role assignments
      6. Role cloning
      7. General use cases of how to create/assign roles
      8. Managing access to contentACCESS objects
    6. Login providers
      1. Login providers’ context menu options
      2. External login provider configuration
        1. Configuring Google OAuth
        2. Configuring Office 365 login provider
        3. Exchange login provider
        4. External AD login provider
      3. Associating an enabled provider with a user login
      4. contentACCESS users in third party systems
    7. System
    8. Licensing
      1. How to activate your license key
    9. Notifications
    10. Monitoring — how to find out possible misconfigurations / reasons of potential system/job failures
    11. Auditing
    12. Distributed environment in contentACCESS — Clusters
    13. Statistics
    14. Legal hold
    15. Task runner
    16. Indexing
    17. SMTP Servers
    18. SMTP Mappings
    19. How to create/configure databases — All databases
  7. Common features
    1. Databases
    2. Schedules
    3. Retentions
    4. Storages
      1. Google drive storage
      2. Amazon S3
    5. Exchange connections
      1. Exchange performance settings – turning off the Exchange throttling policies
      2. Hybrid Exchange environments in the Email Archive system
    6. Importing contentACCESS configurations from files
      1. Manual import of Exchange servers/groups/mailboxes to the contentACCESS Address book
      2. Importing File Archive root folders to be archived
  8. Creating new jobs in contentACCESS
  9. Jobs’ page, jobs’ context menu
  10. File Archive
    1. Introduction to File system archive
    2. File archive settings
    3. File archive Databases
    4. File archive System settings
    5. File archive Retentions
    6. File archive Storages
    7. Root folders
    8. Aliases
    9. File archive Schedules
    10. Provisioning settings and managing access to contentWEB
    11. Remote agents
    12. Configuring aliases
    13. Configuration of jobs available in contentACCESS File Archive
    14. Configuration of File system archive job
    15. Configuration of a File system restore job
    16. Configuration of File system recovery job
    17. Configuration of Delete job in File archive
    18. Configuration of File system shortcut synchronization job
    19. Configuration of Remote shortcutting job
    20. Active/inactive documents in File system archive
  11. Email Archive
    1. Important settings before creating an Email Archive job
    2. Database settings
    3. Email archive System settings
    4. Email archive Provisioning settings
    5. Retention settings
    6. Shortcuts in email archiving
    7. Storing of archived emails
      1. LoboDMS storage
    8. Creating email archive schedulers
    9. User experience
    10. Exchange 2013+: Mail app in OWA 2013+ or on MS Outlook 2013+ desktop version
    11. Exchange 2010: OWA 2010 integration
    12. Address book objects
      1. Adding address book objects manually
    13. Granting access rights for mailbox users and explicit users to view the mailbox archive
    14. Creating contentWEB users (option 1)
    15. Manage access to a mailbox archive (option 2)
    16. Database and store assignment in email archiving
    17. How to assign database, storage and index zone to an Exchange group?
    18. How to assign database, storage and index zone to a mailbox?
    19. How to move data from source database/storage into a second (target) database/storage?
    20. Creating Email archive jobs: archive, restore, recovery, delete, mailbox move, shortcut synchronizaion, shortcut repair
    21. Email archive job
      1. Email archive job configuration
      2. Email archive journal processing
    22. Email restore job
      1. Email restore job configuration
    23. Email recovery job
      1. Email recovery job configuration
    24. Configuration of Delete job in Email archive
    25. Mailbox move job
      1. Mailbox move job configration
    26. Shortcut synchronization job
      1. Shortcut synchronization job configuration
    27. Shortcut repair job
      1. Shortcut repair job configuration
    28. Public folder archiving
      1. How to configure a job to archive public folders
      2. Public folders in the contentWEB archive
      3. User permissions to public folders
      4. Public Folder archiving in hybrid Exchange environments
    29. SMTP archiving
  12. SharePoint archive plugin
    1. SharePoint Archive settings
    2. SharePoint Archive job configuration
    3. SharePoint recovery job configuration
    4. Configuration of Delete job in SharePoint archive
    5. SharePoint archive Provisioning settings
    6. SharePoint Publishing job
    7. SharePoint in the contentWEB archive
  13. GDPR plugin
    1. GDPR Settings
      1. GDPR Databases
      2. GDPR Schedules
      3. GDPR Index zones
    2. GDPR Processing
      1. GDPR File system settings
      2. GDPR Exchange settings
      3. GDPR Applications
      4. GDPR Jobs
        1. GDPR File system job
        2. GDPR Exchange job
        3. GDPR Application job
  14. Custom plugins
    1. Email management job configuration
    2. Storage replication plugin
    3. Sharing plugin
    4. Datengut plugin
    5. Email synchronizer plugin
    6. Categorize to Public folders plugin
    7. LoboDMS plugin
  15. ThreatTest
    1. ThreatTest configuration
      1. ThreatTest Databases
      2. ThreatTest System settings
      3. ThreatTest Schedules
      4. ThreatTest User experience
      5. ThreatTest Statistics
      6. ThreatTest Job
    2. Using ThreatTest App
  16. officeGATE
  17. contentACCESS Mobile
  18. Virtual drive configurations
  19. Application settings
  20. Terms of use
  21. FAQ
    1. Download sample for the file to be imported does not work
    2. Archiving is not working if MAPI is set to communicate with the Exchange server
    3. Virtual drive is still appearing after the uninstall
    4. Outlook forms problems
    5. Unable to open shortcuts of archived files on the server side
    6. Samples are not shown using 'Show sample" option in the Import dialog
    7. Do I need to create separate tenants for file archiving and email archiving
    8. What is the recommended database size for email, file and Sharepoint archiving
    9. The TEMP folder is running out of space when archiving big files
    10. The attachment could not be opened
    11. After updating Exchange 2013, the EWS connection might not work in contentACCESS
    12. If Windows authentication is not working in contentACCESS and an alias was created for contentACCESS
    13. contentACCESS Outlook add-in certificate issue
    14. PowerShell scripts for setting up Email archive
    15. Solution for Outlook security patches
    16. Solution for Outlook security patches through GPO
    17. Solution for indexing PDF files
    18. Mycompanyarchive SuperUser mailbox configuration
    19. Office365 journaling

6.5.8.Managing access to contentACCESS objects

Definition of terms:
Logged on user – the user logged in to the Central Adminisration, who has the permissions to manage access to contentACCESS objects;
Second user – the explicit user, who gets the rights (involved in the assigned role) to manage certain contentACCESS objects;
Tenant objects – objects like jobs, repositories, schedulers, archive mailboxes etc. of the given tenant;
Tenant repositories – databases, storages, retentions, shortcuts, Exchange connections, aliases of the tenant.

contentACCESS allows to manage access to the contentACCESS objects for second users. These objects are the following:

  • schedules and repositories of tenants (database, storage, retention, shortcut, Exchange connection, alias)
  • jobs of tenants
  • archive mailboxes of a given tenant
  • the file archive of a given tenant and
  • the tenant itself

In case of schedules, repositories and jobs the “manage access“ means that the logged on user (with the necessary permissions) assigns for a second user a role containing permissions to

  • edit and/or
  • delete

the assigned tenant’s

  • schedulers and/or
  • repositories and/or
  • jobs.

In case of tenants “manage access” means that the logged on user grants rights for a second user to manage the tenant assigned for him, i.e. he gives tenant administrator permissions for this user. The second user’s exact permissions on the given tenant are defined in the assigned role.

In case of archive mailboxes and file archive “manage access” means that the logged on user grants for the second user access rights to the archive mailboxes and file system archive on the assigned tenant.

The permissions of the role assignment define what the second user will be allowed to manage. E.g. if my user called ”Job manager” has got “Edit job – All allowed” permission on the TECH-ARROW, but the “Delete job” permission is not allowed in his role assignment, then he will be able to edit the jobs of this tenant, but won’t be able to delete any jobs of the tenant.

The user logged on to the Central Administration, who is able to give access e.g. to TECH-ARROW tenant‘s objects for second users, must have “Manage users and roles” permissions and “Manage tenant” permissions on the TECH-ARROW tenant and also

  • Edit repositories“All allowed” permission to be able to manage access to the repository items on the TECH-ARROW tenant;
  • Edit jobs“All allowed” permission to be able to manage access to the jobs of the TECH-ARROW tenant;
  • Edit schedules“All allowed” permission to be able to manage access to the schedules of the associated tenant
  • Manage tenant – permission on the TECH-ARROW tenant to be able to add tenant administrator rights on the TECH-ARROW tenant for a second user
  • View mailboxes/View folders/View public folders“All allowed” permissions on the TECH-ARROW tenant to be able to give access to the archive mailboxes/file archive/public folders for second user(s)on the tenant.

The rule is that the logged on user must have equivalent or more permissions than the role to be assigned for a second explicit user. E.g. the logged on user is not allowed to assign a role for a second user containing permission “Delete job”, if this permission is not granted for him as well.

Manage access option is available for the logged on user on the respective pages of the Central Administration.

In case of repository items, schedules, jobs and tenants the option is available above the list of items:

man-access-section-pic1
Screesnhot A: Manage access to the TECH-ARROW tenant’s file archive jobs

In case of archive mailboxes the option is available in the Address book, in the context menu of the given Exchange mailbox:


Screenshot B: Manage access to ane’s archive mailbox

In case of file system archive the option is available in the File archive’s Provisioning settings:

man-access-section-pic3
Screenshot C: Manage access to the file system archive folders

First, the user needs to select an item (a given job, database, retention, mailbox etc.) from the list.

man-access-section-pic4

In any case, by clicking the “manage access” option, the logged on user is redirected to the Manage access to Object page. Here he can manage access to the contentACCESS object. He clicks +new and the Create role association window opens.

The Role dropdown list lists only the roles that the logged on user is allowed to assign, and those that contain specific permissions on that object (in this case the object is the job). Roles containing “All allowed“ permissions (e.g. “Edit job – All allowed“ or “View mailboxes – All allowed”) cannot be granted on the “Manage access to Object page”. The user selects the role with the necessary permissions and assigns it to a new or an existing contentACCESS user.
In this use case we grant access for Jack Bolton to edit the Archive job of TECH-ARROW tenant.
The TAAdmin_job_editor role is already prepared and contains permission to edit specific job(s) of this tenant (“Edit job – Specific allowed”):

taadmin-job-editor-3-1

On the File Archive’s Jobs page of TECH-ARROW tenant we locate the Archive job, select it and click “manage acces”.

archive-job-selection-3-1

On the “Manage access to Object” page, we select the “TAAdmin_job_editor” role, and assign it to our existing user, Jack Bolton:

manage-access-to-archjob-3-1

Our Jack Bolton user has now rights to edit the “Archive job” on the TECH-ARROW tenant, but he cannot delete this job from the list.

jb-permissions-3-1

Yes No Suggest edit
Suggest Edit