The following roles are pre-configured in ArchiveOne, and you can create your own roles based on them:
- ADMINISTRATOR – Can do anything including changing permissions (except for scheduled emptying of the recycle bin).
- ARCHIVE ADMINISTRATOR – Can edit repositories and search archive but cannot define or run policies.
- COMPLIANCE OFFICER – Can search archive but cannot define or run policies.
- OPERATOR – Can run policies but cannot define them or search archive.
- POLICY ADMINISTRATOR – Can define and run policies but not search archive.
- READ ONLY – Can view configuration but cannot change it or run any actions.
- The concept of roles only covers features of ArchiveOne Admin, it does not affect how users use the Search and Retrieval Website to find and retrieve their mail.
- No user can use any feature of ArchiveOne unless they are a member of the ArchiveOne Policy Administrative Users group, by default, ArchiveOneUsers. Only members of this group are allowed to run ArchiveOne Admin. For information on changing the default users group name, see How to Change the Default Security Group Name.
- A user can be assigned an explicit role defining how they can interact with all parts of ArchiveOne Admin.
- There is a default role which is the role used for any user who does not have an explicit role.
- There must be either a user with the ADMINISTRATOR role or ADMINISTRATOR must be the default role to prevent getting to a situation where noone has rights to change permissions.
- A user can be assigned a different role on a specific object, that is, a policy, repository, or archive search object. For instance, a user has a general role of READ ONLY but have a role of COMPLIANCE OFFICER on a particular archive search so that the user can run that archive search, but no other.
- The pre-defined roles cannot be changed but new roles can be created and deleted and their permissions changed, and then used in the same way as the pre-defined ones.
- Configuration changes are not necessarily honored until ArchiveOne Admin is restarted. Many changes have immediate effect, but not all, in particular, if a change is made that sets a node invisible for the current user, the node may remain visible until ArchiveOne Admin is restarted.