Configuring a local user account

Updated 3 months ago by admin

This article describes how to configure a local user account within the Email Archive system.

The Email Archive system supports 3 local user types that can be created by an Administrator user: Administrator; Privilege and Basic. The Data Guardian users have to be created by your service provider.

All user types have the following details:

Username: This is the unique username as entered into the Login page.  We recommend that the name is different from a user’s network login id name.  We suggest that you append _admin / _priv / _basic to the username to ensure that it is different from a user’s standard login name, and it also indicates the type of user.

First & Last Name: The user’s full name to display.

Admin Level: The type of this user. One of Administrator / Privilege / Basic (see below for further information)

Account Status: Active or Locked. 

Primary Email Address: This address will be used by the Email Archive system for resetting Password and Forward-to-inbox emails, plus other system events that require notifying the user.

Once a new account is created, a random password is assigned and emailed to the new users’ Primary Email Address.  If the Email Archive system is unable to send this email, then the password will be displayed on screen. 

The options for the different account types are detailed below.

Administrator User Type

An administrator cannot search.

Only administrators can reset passwords – and access the ‘Forgotten your Password?’ login facility.

If an administrator uses the ‘Forgotten your Password?’ feature, a new password will be emailed to the Administrator’s Primary Email Address.

There is a single default Administrator (details provided by your service provider) which is used to set-up the Email Archive system. 

Please ensure that the email address of this account is changed – typically via the Outbound Email & Alerts menu option and then the Current User Email Address setting.

We recommend that additional administrator accounts are added – one for each member of IT staff who may need to administer the Email Archive system.  This will ensure that the Data Guardian transcripts will indicate which user had logged in.

Privilege / Privilege & Delete User Types

This user can search across ALL email in the Email Archive system unless one or more searchable domains are added.  A Privilege & Delete user type has the ability to authorise a deletion request. This account type will only become available if you have a license to use it. In all other respects, this account type is the same as a standard Privilege account.  Any searches made by Privileged users will raise an audit transcript that is sent to the Data Guardian(s).

Searchable Domains: are restrictions on the Privilege user – so that only email to or from an email address in one of the Searchable Domains will be returned.

If a company is an umbrella for a number of brands – like the hotels in a hotel group – and each brand has its own email domain, then you can create a separate privilege user for each brand/domain.  The privileged user would only be able to search across the emails for their brand (email domain).

Exclude Addresses: If one or more staff wish to be specifically excluded from any Privilege Search Results (including any emails where they were just one of several recipients) then enter their email addresses here.

Other Auditors: are additional or alternative email addresses where Data Guardian transcript emails will be sent for this user.  This is of particular use if Searchable Domains are used – as you may have a Data Guardian for each company brand/email domain.

Basic User Type

A basic user can only search and view mail that matches the email addresses specified for their account.  This is similar to a user connecting via LDAP (i.e. with an Active Directory user login).

A basic user is not normally audited (i.e. No Data Guardian transcript will be sent following any searches).

Basic accounts can be set up to view any number of different user mailboxes – by entering several secondary email addresses that relate to other mailboxes. In this mode, the basic account should be audited – and it is recommended to ensure that the auditing options are used when creating such an account.

Secondary Email Addresses: Add as many email addresses that this user should have authority to view.

Add several addresses at once by entering a comma or newline separated list and pressing the Add button.

Enable Share Folder: The results of a search can be saved as a Case Folder and comments given for each email in that folder.  There are times when that folder of emails needs to be viewed by, for example, a supervisor.  This option will allow for a Folder to be shared.

Enable Sample Search:  This will display a ‘Random Selection’ feature to the Search User, where only a percentage of the possible results will be returned to the user.  This is useful for compliance officers who are obliged to conduct random sample searches on a regular basis to check for potential breaches of the company or business regulations.

Exclude Primary Address From Search: This is useful where a basic account is designed to be Team Supervisor account – an account where email addresses of a team of people are added to the ‘secondary addresses’.  All searches should be conducted across that team of people – but should not include the team supervisor themselves.

This should be used with the Auditing options described below.

Exclude Secondary Addresses From Search: A convenience feature. Unlikely to be useful.

Any LDAP or Local Basic User can select exactly which email addresses are to be used for their searches from the Preferences area.

Enable Auditing: If this account is knowingly able to access other user email addresses, then it should be audited.  With this enabled, at least one of the Data Guardian options must be selected.

Auditing by Data Guardians: Tick this if the company-wide Data Guardian(s) are to receive transcripts of searches conducted by this account.

Other Auditors: Enter email addresses of alternative Auditors who should receive transcripts of searches conducted by this account.


How did we do?