11.14.Creating contentWEB users (option 1)
The Create contentWEB user method should be used, if the administrator would like to grant access rights to multiple mailbox users for their own associated mailbox archives. contentWEB users (with permissions to access the associated email archives over contentWEB) can be created on 3 levels. It is possible to:
- create contentWEB users to all mailbox users of the Exchange server – by selecting Automatically create contentWEB user option from the server’s context menu;
- create contentWEB users to mailbox users of the selected Exchange group – by selecting Automatically create contentWEB user option from the group’s context menu;
- create one contentWEB user to one selected mailbox – by selecting Automatically create contentWEB user option from the context menu of the selected mailbox;
When you allow to create a contentWEB user, the contentWEB user role pop-up dialog opens. Here you need to specify the contentWEB user role (containing user permissions) to be assigned to the contentWEB user. There are 2 options which role to define here:
- you can use the (default) role (e.g. with read-only permissions only) defined in the email archive provisioning job (read more in section Email Archive Provisioning settings)
- or you can assign a custom role (e.g. Standard user role with more permissions like manual recovery, preview etc.) to the user in the Role to assign section of the contentWEB user role dialog.
Standard user role is a system level role, it is present in contentACCESS (and therefore in the contentWEB user role dialog’s dropdown list) by default. Other types of Email archive user roles must be created manually based on the steps described in section “Roles”.
Now, in this use case, we will create contentWEB users with default Standard user permissions in the archive for the whole O365 server, but our mailbox user “edit.balazsy” will have also full rights on all archive mailboxes of the TECH-ARROW tenant in contentWEB. We presume that Standard user role is selected in the email archive provisioning job.
- First we need to create a role with “All allowed” permissions on our tenant’s email archive (read more is section “Roles”). This role will be later assigned for “edit.balazsy”.
- We open the server’s context menu with a click on the ellipses and choose Automatically create contentWEB user from the list.
- The contentWEB user role dialog, where we select “Use the role defined in the provisioning job ” option, opens. As already mentioned above, the Standard role is defined in the provisioning job.
- There will appear a “YES” command in the “Create contentWEB access” column, which means that contentWEB users to all mailboxes of the server will be created at next run of the provisioning job. Associate with role is “Inherited”, i.e. the (default) role defined on server level is inherited from the email archive provisioning job.
- Now we search for our mailbox “edit.balazsy…”, and create contentWEB user for her as well. This user will have full permissions on all archive mailboxes of the tenant. These permissions are defined in role “Full_EAUser” from the first step, so we select it in the pop-up window.
- Now we start the provisioning job, which will create our contentWEB users with the assigned roles (or we wait until it begins to run according to the provisioning scheduler).
Now we go the Address book:
Provisioning job points out which mailbox user is associated with which mailbox(es) on the Exchange server and synchronizes these permissions with contentACCESS. The rights on the Exchange server will be synchronized with contentACCESS and new contentWEB users will be created for each mailbox user on the server. Each contentWEB user will have an Automatical flag. In case of O365, an Azure user login will be created; in case of on-premise Exchange server, a Windows user login will be created for each mailbox user on the server. With these accounts the contentWEB email archive will be accessible for these mailbox users. The contentWEB user created for “edit.balazsy” will be able to access the archive mailboxes of the assigned tenant as defined in her role.
What happens if you select Do not create contentWEB user from the context menu? If formerly it was set to Automatically create contentWEB user, and the administrator changes these settings to Do not create contentWEB user, then the already existing contentWEB user will NOT be deleted. However, if new mailbox users are added on the Exchange server, they will NOT get contentWEB access rights on the mailbox archive.
How to find Exchange groups/Exchange mailboxes with or without contentWEB users? In the Exchange groups/Exchange mailboxes section unroll the Create contentWEB user dropdown list, which is located at the right side of the address book’s page, and select “Checked” to filter out all groups/mailboxes, for which contentWEB users will be/were created. If you would like to find all groups/mailboxes without contentWEB users, select “Unchecked” from the list.