Create, Update, and Delete must be used by an account that belongs to the local group Administrators on the Directory service computer.
Any component has permission to read from the Directory service but, to write data, you must have write permissions. The user who tries to modify the data that is maintained by the Directory service must be a member of the local group called Administrators on the Directory Computer. By default the global group Domain Admins is added to the local Administrators group.
When the SQL database is created, all the correct permissions are applied to the tables. That is, the SQL login ID EnterpriseVault has access to all of the tables. If someone inadvertently modifies these permissions, access may be denied. The Application Event Log should indicate such a problem.
The password stored by the Directory must match the password set in SQL. Always use the Administration Console to change the password.