12.11.1.Creating contentWEB users (option 1)
The Create contentWEB user method should be used, if the administrator would like to grant access rights to multiple mailbox users for their own associated mailbox archives. contentWEB users (with permissions to access the associated email archives over contentWEB) can be created on 3 levels. It is possible to:
- create contentWEB users to all mailbox users of the Exchange server – by selecting Automatically create contentWEB user option from the server’s context menu and picking Yes;
- create contentWEB users to mailbox users of the selected Exchange group – by selecting Automatically create contentWEB user option from the group’s context menu and picking Yes or Inherit (if the parent has the contentWEB user creation turned on);
- create one contentWEB user to one selected mailbox – by selecting Automatically create contentWEB user option from the context menu of the selected mailbox and picking Yes or Inherit (if the parent has the contentWEB user creation turned on);
When you allow to create a contentWEB user, the contentWEB user role pop-up dialog opens. Here you need to specify the contentWEB user role (containing user permissions) to be assigned to the contentWEB user. There are 2 options which role to define here:
- you can use the (default) role (e.g. with read-only permissions only) defined in the email archive provisioning job (read more in section Email Archive Provisioning settings)
- or you can assign a custom role (e.g. Standard user role with more permissions like manual recovery, preview etc.) to the user in the Archive settings (read more about Archive settings here) section of the contentWEB user role dialog.
Standard user role is a system level role, it is present in contentACCESS (and therefore in the contentWEB user role dialog’s dropdown list) by default. Other types of Email archive user roles must be created manually based on the steps described in section “Roles”.
Now, in this use case, we will create contentWEB users with default Standard user permissions in the archive for the whole TADC01 server, but our mailbox user “ANE” will have also full rights on all archive mailboxes of the TECH-ARROW tenant in contentWEB. We presume that Standard user role is selected in the email archive provisioning job.
- First we need to create a role with “All allowed” permissions on our tenant’s email archive (read more is section “Roles”). This role will be later assigned for “ANE”.
- We open the server’s context menu with a click on the ellipses, choose Automatically create contentWEB user from the list and select Yes.
- The contentWEB user role dialog, where we select “Use the role defined in the provisioning job ” option, opens. As already mentioned above, the Standard role is defined in the provisioning job.
- There will appear an “Enabled” command in the “Create contentWEB access” column, which means that contentWEB users to all mailboxes of the server will be created at next run of the provisioning job. Associate with role is “Inherit”, i.e. the (default) role defined on server level is inherited from the email archive provisioning job.
- Now we search for our mailbox “ANE…” and create contentWEB user for him as well. This user will have full permissions on all archive mailboxes of the tenant. These permissions are defined in role “Full_EAUser” from the first step, so we select it in the pop-up window.
- Now we start the provisioning job, which will create our contentWEB users with the assigned roles (or we wait until it begins to run according to the provisioning scheduler).
Now we go the Address book:
Provisioning job points out which mailbox user is associated with which mailbox(es) on the Exchange server and synchronizes these permissions with contentACCESS. The rights on the Exchange server will be synchronized with contentACCESS and new contentWEB users will be created for each mailbox user on the server. Each contentWEB user will have an Automatical flag. In case of O365, an Azure user login will be created; in case of on-premise Exchange server, a Windows user login will be created for each mailbox user on the server. With these accounts, the contentWEB email archive will be accessible for these mailbox users. The contentWEB user created for “ANE” will be able to access the archive mailboxes of the assigned tenant as defined in his role.
What happens if you select No after clicking on Automatically create contentWEB user in the context menu of a group/server? If it was formerly set to Yes and the administrator changes this setting to No, then the already existing contentWEB user(s) will NOT be deleted. However, if new mailbox users are added on the Exchange server, they will NOT get contentWEB access rights on the mailbox archive.
How to find Exchange groups/Exchange mailboxes with or without contentWEB users? In the Groups/Mailboxes tab, click to the Create contentWEB access search box and type in Enable to filter out all groups/mailboxes, for which contentWEB users will be/were created. If you would like to find all groups/mailboxes without contentWEB users, type in Inherit.