 |
| |
Form tabs
Use this form to specify a group's access to FirstClass features. For information about user groups and organizational units, see User groups and organizational units.
FirstClass determines a user's privileges based on the groups to which that user belongs. To see a list of the groups to which a user belongs, open the user's info information. FirstClass sets the privileges specified in the first group in this list, then overrides these settings with the settings specified in the next group, and so on. Turn on advanced privileges with caution.
Group name
The name of the user group.
Comments
Comments about this user group.
Organizational unit
This field is only required for multi-tenant environments.
Choose the organizational unit level.
Require uniqe names within this organizational unit
If you will allow duplicate Directory entries between members of different organizational units, select "Require unique names within this organizational unit".
Model Desktop button
Opens the user group's Model Desktop.
Features tab
Use this tab to define privileges for this group.
Email
Private mail
Allows users to send private mail. Users without this privilege can still receive mail, and can send mail to conferences for which they have the Conferencing privilege and the appropriate permissions.
Conferencing
Allows users to send mail to conferences. Users without this privilege can still read messages in any conferences for which they have the appropriate permissions.
Unsend
Allows users to retract messages that they have sent. Even with this privilege, users cannot unsend messages that have been sent through a gateway or moved.
Make urgent
Allows users to mark messages Urgent. Because your system and some gateways can be configured to process urgent mail on a priority basis, you might want to restrict this privilege.
Mark as unread
Allows users to toggle messages' unread flags on and off. If a user removes a message's flag before opening it, no receipt will be generated when the user reads the message, and the user's name will not appear in the message history.
Set expiry
Allows users to change the expiry date for an outgoing message. The expiry set by a user overrides any other expiry settings, such as those defined for a conference. Users without this privilege can still change the expiry of messages in their own Mailboxes.
Receipt notification
Allows users to turn on receipt generation. Because receipt notifications can increase message traffic on your server, you may want to restrict this privilege. You can also restrict use of receipt notifications in conferences.
Search
Allows users to search conferences. This privilege works with the Search permission; users can only search conferences for which they have this permission.
Upload
Allows users to attach files to messages and upload files. For sending attached files to conferences, this privilege works with the Send permission; users can only send attached files to conferences for which they have this permission. For uploading files directly to conferences, this privilege works with the Create folders & files permission; users can only upload files directly to conferences for which they have this permission.
Download
Allows users to save attachments and download files from external folders and conferences. This privilege works with the Download permission; users can only download from conferences for which they have this permission.
Address book
Allows users to use personal email addresses and mail lists. Users without this privilege can add entries to their address books, but cannot address mail to these entries.
Other privileges
Chat
Allows users to engage in real-time online text-based conversations. The names of users without this privilege are displayed in italics in the Directory and Who's Online lists. Users without this privilege can still receive and accept chat invitations from the administrator.
Calendaring
Allows users to work with FirstClass calendars. If users also have the Create conferences privilege, they can create public calendars.
View résumés
Allows users to view the résumés of other users.
Publish home page
Allows a user to create a personal web home page. This home page can be accessed using HTTP, FTP, and FirstClass. If users do not have home pages, their résumés will be displayed to anyone trying to access their home pages. You should make sure that users understand that their résumés may be published to the Internet.
Advanced
Create conferences
Allows users to create new conferences. This privilege works with the Create conferences permission; users can only create subconferences in conferences for which they have this permission.
View unlisted
Allows users to view unlisted entries (such as conferences or user names) in the Directory and the names of unlisted users in the Who's Online list.
View user information
Allows users to view other users' information forms. On the user information form of another user, the password field is blanked out, but the user ID is visible. Users with this privilege see the user information form in place of the résumé. From the user information form, users can display the other user's résumé, but they cannot open that user's Desktop or preferences. If you consider user information to be sensitive, restrict access to this privilege.
Edit user information
Allows users with the View user information privilege to change all information on user information forms, including passwords. You can use this privilege to delegate administrative tasks without granting full administrator powers. Users with this privilege cannot open the Desktop or preferences of another user, designate subadministrators, or edit the user information forms of the administrator or subadministrators.
Special status
Once a user is given special status, that status stays in effect despite the status settings for any other group to which the user belongs. These statuses can be overridden on a user's User Information form. Special status privileges are:
Subadministrator
Allows you to designate members of this group as subadministrators.
Does not expire
Prevents users from being deleted automatically if their accounts are inactive. This privilege overrides the System Profile setting that specifies the number of days of inactivity after which users are normally deleted.
Access
FirstClass access
Allows users to access the server using FirstClass client software.
Internet access
Allows users to access the server using POP3, HTTP, LDAP, FTP, and IMAP4. If this is selected for administrators, this person can log in as administrator using a web browser. You may want to restrict this privilege in the case of administrators for security reasons.
Command line access
Allows users to access the server using a terminal, Telnet, or a terminal emulator.
Note
If all of the above access privileges are disabled, users cannot log in.
Work offline
Allows users to use FirstClass Personal to access the server. Remote users cannot use this privilege.
Voice access
Allows users to access the server using Voice Services via a telephone. Users can also receive voice and fax messages in their mailboxes. You must be a FirstClass Unified Communications customer to enable this feature.
User Prefs tab
Edit preferences
Allows users to edit their own preferences and passwords, and create and edit their own résumés. You might want to disable this privilege for guest accounts, to make sure the accounts are always left in the same state. If you select this privilege, all settings on this tab can be overridden by the individual user on the User Preferences form.
Preconfigurable user preferences
Reply preference
Choose the default reply preference for this user group.
Time zone
This is the default time zone for this group. This is useful if members of this group work in a different time zone than where the server is installed.
Client interface
Choose the default user interface for this group. Users migrating from a Windows Exchange environment may find the FirstClass Explore interfaces more familiar.
Voicemail interface
If you are a FirstClass Unified Communications customer and this group has the Voice access feature enabled on the Features tab, then choose the preferred voicemail interface for this group.
Preferred language
Choose the preferred voicemail interface language for this group.
Advanced user preferences
Mail import
Allows users to set up POP3 mail import.
Mail rules
Allows users to set up mail rules preferences such as autoforwarding, autoreply, and junk mail handling. Because these options can increase message traffic on your server, you might want to restrict this privilege.
Note
Incorrect use of this privilege can result in mail loops. For example, Sue might set up autoforwarding to Jim, who has set up autoforwarding to Bill, who has set up autoforwarding to Sue. If FirstClass detects such a loop, it breaks it and displays an error in the server console log. FirstClass can only detect and break loops if they occur entirely within a FirstClass server system.
Forward
Allows users to forward mail in their Mailboxes and in conferences. When a user forwards a message, FirstClass creates another copy of the message, requiring additional storage space. Therefore, you might want to restrict this privilege.
User Limits tab
Use this tab to set time and disk space limits. Most of these limits are also set on the System Profile form. All "Default" values on the Group Privileges form default to what was set on the System Profile form. All values set on the Group Privileges form override those set on the System Profile form.
For each limit, the highest value defined for all groups to which a user belongs is normally the limit for that user. Override groups may affect this value. The administrator and subadministrators are not affected by these limits.
Private mail expiry
This is the number of days a message will stay in a user's Mailbox before it is automatically deleted. If you have given users the appropriate permissions, users can override this limit for individual messages.
Daily connection limit
The maximum number of minutes users can connect to the server during one day (from 12:01 AM to midnight). This overrides the default set on the System Profile.
If a user is logged on multiple times with the same user ID, this user is considered to have been logged on for the total elapsed time for all the user's current connections. For example, a user with a limit of 120 minutes who has two concurrent sessions, both at 60 minutes, has used up the allotted time.
Session inactivity limit
The maximum number of minutes users can be inactive during a session before being logged off. This overrides the default set on the System Profile.
Disk space limit
The maximum amount of disk space, in kilobytes, allowed per user. Once this limit is reached, the user can no longer create items such as messages and documents, but can still receive mail.
Directory tab
Use this tab to define the names that this group's Directory can list. By default the Directory is filtered in the following ways:
• members of the All Users group can see members of Web Names, Web Conferences, and Web Calendars groups
• members of Regular Users and Remote Users groups can see all members of All Users, All Conferences, and All Calendars groups.
Allow this group to view these groups
Enter user group or conference group names to include only members of these groups in the Directory listing for the current group. All other user and conference groups on your system will be hidden from members of the current user group.
Maximum number of multimatch names
The maximum number of names that will be listed in the Directory when a search results in multiple matches. To require exact matches, thus forcing users to know the name of the person or conference they are searching for, set this value to 1. You might want to set the limit to 1 for autoregistered users.
The highest value defined for all groups to which a user belongs is normally the limit for that user. Override groups may affect this value.
Security tab
Password security
Password restrictions
Forces users to choose passwords which are alphanumeric, or have no restrictions. Alphanumeric passwords are more difficult to guess.
Recent passwords
The administrator can choose to allow recently used passwords, or to force users to choose a new password when the old one expires. If you choose to block recently used passwords, users may not reuse any of his last five (5) passwords.
Password expiry period
The length of time a password will be valid. Regularly changing passwords will increase security. This field is only used for GUI access (client or web).
Minimum text password length
Forces users to choose passwords of a minimum length. Longer passwords are more difficult to guess. This field is only used for GUI access (client or web).
Minimum voice password length
Forces users to choose voice passwords of a minimum length. Longer passwords are more difficult to guess. This field is only used for TUI access (phone).
Download limitations
This field is primarily used to stop viruses from being sent through your FirstClass system. If there is a known virus, enter the exact attachment name in this space. FirstClass will not allow uploading or downloading of this specific attachment name.
This field can also be used to disallow downloading files of a specific type. Enter the file extension preceeded by a wild card. FirstClass will not allow uploading or downloading of this file type.
You can set attachment limitations for the All Users group, or any groups you create. Do not set attachment limitations on any other Standard user group.
Services tab
Use this tab to store information about your Internet Services and Voice Services (you will only have Voice Services if you are a FirstClass Unified Communications user).
Internet Services
Internet mail domain
Your registered domain name.
If you have only one domain name for all users, set this as the default value on the All Users Group Privileges form and do not enter anything on individual user or conference group forms.
In a multi-tenant environment with several domain names, enter the domain name on the user group's Group Privileges form. All domain names must also be entered on the Multiple Sites and Languages form.
Voice Services
This section is only relevant for FirstClass Unified Communications customers.
DN prefix
The DN prefix is the common exchange for your company's block of numbers.
If you have only one DN prefix, set this as the default value on the All Users Group Privileges form and do not enter anything on individual user or conference group forms.
In a multi-tenant environment with several DN prefixes, enter the DN prefix for the specific organizational unit on the organizational unit's (user group's) Group Privileges form.
Operator revert DN
If a caller presses "0", this is the number to which the call will be redirected.
If you have only one preferred Operator revert DN, enter this number on the All Users Group Privileges form and do not enter anything on individual user or conference group forms.
In a multi-tenant environment, or a large organization, the revert DN may depend on the organizational unit or group the original call recipient is a member of. Enter the Operator revert DN on the organizational unit's (user group's) Group Privileges form.
Dialing restrictions
Dialing restrictions are set system-wide on the Voice Services Admin form. When you set dialing restrictions for a group or organizational unit, the settings override what is set on the Voice Services Administration form. A user's dialing restrictions are based on the user's primary organizational unit's settings.
Enter dialing restrictions for this group or organizational unit. This includes all long distance codes, and all pre-dialing codes (for example, 1 for North American long distance dialing, PBXs requiring an outside line access code (usually 9), etc).
Restrictions begin with ! and accessible dialing strings have no prefix. Restricted and accessible dialing strings can be combined by separating them with commas. In all cases, the most exact match will be used. For example:
• !9 disallows all calls to numbers beginning with 9. If 9 is the outside line code for your PBX, this will disallow all calls outside of your PBX.
• !9,9055551234 disallows all calls to numbers beginning with 9, but allows calls to the specific number 9055551234.
• !9,905,!9055554567 disallows all calls to numbers beginning with 9, but allows all calls to area code 905 except calls to the specific number 9055554567.
If this field is blank, the system will default to the system-wide settings from the Voice Services Admin form. If this field contains !0,!1,!2,!3,!4,!5,!6,!7,!8,!9 then no outdialing is permitted for all members of this group. If this field contains 0,1,2,3,4,5,6,7,8,9 then all dialing is unrestricted for this group.
Automatically filter Directory to this group
If you are in a multi-tenant environment, select this option for the highest level organizational unit that encompasses all users from one company.
For example:
You have two companies on one system: Company A and Company B. Each is an organizational unit at the level of Company.
Within each company there are several organizational units (departments, groups, teams).
You want all employees of Company A to be able to see and dial all other Company A employees.
You do not want Company A employees to be able to use the phone to Name dial Company B.
Select Automatically filter Directory to this group for Company A organizational unit. If you set it at a more restricted level (department, for instance) employees would be unable to see employees outside of their department.
If this option is not selected at all, the dialing Directory will not be filtered and members of Company A will be able to see all members of Company B in the Directory and will have access to Name dial and other Directory dialing through Voice Services.
Warning
If a user is a member of multiple organizational units (company, department, team), only select this option for one of his organizational units (this would usually be the highest level).
|