Difference between revisions of "Users, Folders and Settings"
[unchecked revision] | [checked revision] |
Cstelzmann (talk | contribs) |
|||
(46 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
− | = | + | == User Management == |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
When emails are archived, they are always assigned to individual users (the original owners of the emails). Every MailStore user has his or her own user archive which is created automatically upon setting up the new user account. For this reason, before any emails can be archived, the appropriate user accounts have to be created first. | When emails are archived, they are always assigned to individual users (the original owners of the emails). Every MailStore user has his or her own user archive which is created automatically upon setting up the new user account. For this reason, before any emails can be archived, the appropriate user accounts have to be created first. | ||
− | == Options for the Setup of New User Accounts == | + | === Options for the Setup of New User Accounts === |
− | |||
* Adding users manually (described here) | * Adding users manually (described here) | ||
* Synchronizing User Accounts with [[Active_Directory_Integration|Active Directory]] | * Synchronizing User Accounts with [[Active_Directory_Integration|Active Directory]] | ||
− | * Synchronizing User Accounts with [[Generic_LDAP_Integration|generic LDAP Server]] | + | * Synchronizing User Accounts with an [[Application Integration|Application Integration Server]] |
+ | * Synchronizing User Accounts with an [[IceWarp Server Integration|IceWarp Server]] | ||
+ | * Synchronizing User Accounts with a [[Kerio Connect Integration|Kerio Connect Server]] | ||
+ | * Synchronizing User Accounts with a [[Generic_LDAP_Integration|generic LDAP Server]] | ||
* Synchronizing User Accounts with [[MDaemon_Integration|MDaemon USERLIST.DAT]] | * Synchronizing User Accounts with [[MDaemon_Integration|MDaemon USERLIST.DAT]] | ||
− | == Opening User Management == | + | === Opening User Management === |
− | + | Log on to MailStore Client as administrator. Click on ''Administrative Tools'' > ''Users and Archives'' > ''Users''. | |
− | Log on to MailStore Client as administrator. Click on ''Administrative Tools'' and | ||
− | |||
− | |||
+ | === Creating a New User === | ||
Click on ''Create New'' and enter a login name for the new user. This could be a combination of first and last name, for example. Click on ''OK'' to confirm. In the next window, additional settings may be specified. Again, click on ''OK'' to confirm the new settings. | Click on ''Create New'' and enter a login name for the new user. This could be a combination of first and last name, for example. Click on ''OK'' to confirm. In the next window, additional settings may be specified. Again, click on ''OK'' to confirm the new settings. | ||
The user is added to the list of users and can be edited at any time, as described in the following section. | The user is added to the list of users and can be edited at any time, as described in the following section. | ||
− | '''Please note:''' The emails | + | '''Please note:''' The emails of a new user can be archived right away, no additional settings have to be specified. However, for the user to be able to log on to MailStore Client, a password has to be created (in the case of MailStore integrated authentication). |
− | + | A password must meet the complexity rules. A password | |
+ | {{Notes_on_Password_Complexity}} | ||
+ | |||
+ | === Editing an Existing User Account === | ||
Select a user from the list and click on ''Properties''. | Select a user from the list and click on ''Properties''. | ||
Line 61: | Line 34: | ||
:'''General Information ''' | :'''General Information ''' | ||
:*'''Full Name:''' Enter first and last name of the user. | :*'''Full Name:''' Enter first and last name of the user. | ||
− | :*'''Authentication:''' If choosing the setting ''MailStore-integrated'', users have to use the password specified in user management when logging on to MailStore Client. Click on ''Password...'' to set the password. Users can later change their passwords through | + | :*'''Authentication:''' If choosing the setting ''MailStore-integrated'', users have to use the password specified in user management when logging on to MailStore Client. Click on ''Commands...'' > ''Change Password...'' to set the password. Users can later change their passwords through the ''Manage Passwords'' feature in their installation of MailStore Client or using the Web Access.<br/>Alternatively, the authentication ''Directory Services'' can be used. In this case, users can log on to MailStore using their directory service credential (e.g. Active Directory access data). |
− | :*'''User is an Administrator:''' Only administrators have access to the administrative functions found in MailStore Client's Administrative Tools and in the | + | :*'''Multi-factor Authentication:''' The user is required to enter a [[Multi-factor Authentication|another factor]] during the authentication phase. |
+ | :*'''User is an Administrator:''' Only administrators have access to the administrative functions found in MailStore Client's ''Administrative Tools'' and in the management shell. | ||
+ | :*'''Change Password:''' Only users with this privilege can change their passwords independently by using the button on the start page or the Web Access. Users without this privilege must use the password created by the administrator in user management (relevant with MailStore-integrated authentication). | ||
− | :''' | + | :'''Log On Privileges''' |
− | :*'''Windows | + | :* '''Log on to MailStore Server:''' Only users with this privilege can log on to MailStore Server. Please note: Without this privilege, emails can still be archived for the respective user. |
− | :*'''Email Addresses:''' This information is only needed for the following archiving options: MailStore | + | :*'''Windows Client:''' The user is allowed to use the Windows Client. |
− | :*'''POP3 User Names:''' This information is only needed for archiving tasks using MailStore | + | :*'''Web Access:''' The user is allowed to use the Web Access. |
+ | :*'''Outlook Add-in:''' The user is allowed to use the Outlook Add-in. | ||
+ | :*'''Scheduled Tasks / Cmd Cliet:''' The user is allowed to use scheduled tasks and the command line client of MailStore Client. | ||
+ | :*'''IMAP:''' The user is allowed to access the archive using IMAP. | ||
+ | :*'''Management API:''' The user is allowed to use the Management API. This option is only available for administrators. This option is unavailable in the SPE. | ||
+ | |||
+ | :'''Integration (optional)''' | ||
+ | :* '''LDAP DN String:''' This information is needed if the user is to be authenticated through an LDAP based directory service such as Active Directory or other generic LDAP servers. | ||
+ | :*'''Email Addresses:''' This information is only needed for the following archiving options: MailStore Gateway, Microsoft Exchange Journaling, Multidrop Mailbox and archiving multiple mailboxes synchronously. | ||
+ | :*'''POP3 User Names:''' This information is only needed for archiving tasks using MailStore Gateway. If the POP3 user name does not match the user's email address, the user name has to be specified here. | ||
:'''Privileges''' | :'''Privileges''' | ||
− | ::Privileges are described separately in | + | ::Privileges are described separately in section [[Users,_Folders_and_Settings#Specifying Privileges|Specifying Privileges]]. As long as the appropriate privileges are not set, users are not able to delete any emails from the archive (even their own). |
* Click on ''OK'' to apply the new settings. | * Click on ''OK'' to apply the new settings. | ||
− | == | + | === Renaming Users === |
− | + | Select the user whose name you would like to change from the list of users and click on ''Rename''. In the dialog window, enter the new user name and click ''OK''. | |
− | + | ||
+ | Please note that the user archive must be renamed manually. The same applies to user privileges, archiving profiles, scheduled tasks, etc. | ||
− | ''' | + | === Deleting Users === |
+ | Click on ''Administrative Tools'' > ''User and Archives'' and then on ''Users''. Select the one or more users from the list, click on ''Delete'' and confirm the next dialog with ''OK''. | ||
− | Deleting a user | + | Deleting a user has the following effects: |
+ | * Emails that were archived for that user are not being deleted. The corresponding user archive is still available in MailStore and can be accessed by the administrator or shared with other users through the privileges system (see below). | ||
+ | * Archiving and export profiles that belong to that user will be deleted. To preserve them, they have to be assigned to another user prior to the deletion. | ||
+ | * The user's license will be released. This license can be used to create a new user account. | ||
− | = Specifying Privileges = | + | == Specifying Privileges == |
+ | To specify the privileges for a user, click on ''Administrative Tools'' > ''Users and Archives'' and then on ''Users''. Select the appropriate user from the list and click on ''Properties''. | ||
− | + | '''Please Note:''' If you highlight multiple users and click on ''Properties'', you can change the privileges for all selected users in one step. Previously assigned privileges of the selected users to other archives will be removed and only the newly assigned privileges are applied. | |
[[File:umgm_privileges_01.png|center|400px]] | [[File:umgm_privileges_01.png|center|400px]] | ||
− | == The Following Privileges can be Assigned: == | + | === The Following Privileges can be Assigned: === |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
'''Archive Email'''<br/> | '''Archive Email'''<br/> | ||
− | Only users with this privilege can execute | + | Only users with this privilege can execute archiving profiles independently and thereby archive emails to MailStore Server. '''Please note:''' An administrator can always archive emails for the user regardless of this setting. Please keep in mind that users can archive emails only if they have write-access to their MailStore user folders. This setting can be specified under ''Folder Access'' (described below). |
: '''Unlimited''' - Users with this privilege can create and edit archiving profiles. | : '''Unlimited''' - Users with this privilege can create and edit archiving profiles. | ||
− | : '''Run existing profiles only''' - Users with this privilege can only execute already existing archiving profiles but | + | : '''Run existing profiles only''' - Users with this privilege can only execute already existing archiving profiles but can neither create new profiles nor modify existing ones. |
− | : '''Manage profiles only''' - Users with this privilege can | + | : '''Manage profiles only''' - Users with this privilege can modify already existing archiving profiles and create new ones, but cannot run any profiles. |
− | + | You can find additional information about this topic in chapter [[Email_Archiving_with_MailStore_Basics#Working_with_Archiving_Profiles|Working with Archiving Profiles]] | |
'''Export Email'''<br/> | '''Export Email'''<br/> | ||
Only users with this privilege can export emails from MailStore. Please see chapter [[Exporting Email]] for a description of the many options MailStore offers for email export. | Only users with this privilege can export emails from MailStore. Please see chapter [[Exporting Email]] for a description of the many options MailStore offers for email export. | ||
− | + | : '''Unlimited''' - Users with this privilege can create and edit export profiles. | |
− | : '''Run existing profiles only''' - Users with this privilege can only execute already existing export profiles but | + | : '''Run existing profiles only''' - Users with this privilege can only execute already existing export profiles but can neither create new profiles nor modify existing ones. |
− | : '''Manage profiles only''' - Users with this privilege can | + | : '''Manage profiles only''' - Users with this privilege can modify already existing export profiles and create new ones, but cannot run any profiles. |
− | Additional information | + | Additional information about this topic can be found in chapter [[Exporting_Email#Working_with_Export_Profiles|Working with Export Profiles]] |
'''Delete Email'''<br/> | '''Delete Email'''<br/> | ||
Only users with this privilege can delete emails from their user archives. Please keep in mind that this privilege should only be granted with great care, because legal requirements are hard, if not impossible, to meet if users are allowed to delete their emails independently. Once deleted, emails can only be recovered by restoring a MailStore backup. | Only users with this privilege can delete emails from their user archives. Please keep in mind that this privilege should only be granted with great care, because legal requirements are hard, if not impossible, to meet if users are allowed to delete their emails independently. Once deleted, emails can only be recovered by restoring a MailStore backup. | ||
− | == Folder Access (e.g. Access to the Emails of Other Users) == | + | === Folder Access (e.g. Access to the Emails of Other Users) === |
− | |||
All main folders, which the current user has access to, are listed here. These folders correspond to the archives of individual MailStore users and contain all their archived emails. By default, users have only access to their own archives (to read and write, but not to delete). By clicking on ''Add New'', the main folder of another user can be added to the list of folders accessible by the current user. Then the type of access to be permitted has to be specified. | All main folders, which the current user has access to, are listed here. These folders correspond to the archives of individual MailStore users and contain all their archived emails. By default, users have only access to their own archives (to read and write, but not to delete). By clicking on ''Add New'', the main folder of another user can be added to the list of folders accessible by the current user. Then the type of access to be permitted has to be specified. | ||
Line 128: | Line 110: | ||
* Delete | * Delete | ||
− | From the users' perspective, the folders they have access to appear as entries in the folder structure of MailStore Client | + | From the users' perspective, the folders they have access to appear as entries in the folder structure of MailStore Client. |
Please keep in mind that users can archive emails independently only if they have write-access to their own folders. | Please keep in mind that users can archive emails independently only if they have write-access to their own folders. | ||
− | == Overview of all Privileges Regarding Folder Access == | + | === Overview of all Privileges Regarding Folder Access === |
+ | To view all privileges regarding folder access, click on ''Administrative Tools'' > ''Users and Archives'' and then on ''Privileges''. | ||
− | + | [[File:umgm_privileges_02.png|center|450px]] | |
− | + | The first column shows all user archives, the second column shows the MailStore users that have access to the respective user archive, and the third column lists the type of access privilege (e.g. Read, Write). | |
+ | |||
+ | Orphaned archives are easily detectable, as the second and third column is empty. | ||
− | |||
[[de:Benutzer,_Archive_und_Berechtigungen]] | [[de:Benutzer,_Archive_und_Berechtigungen]] | ||
+ | [[en:Users, Folders and Settings]] |
Latest revision as of 15:25, 3 April 2024
User Management
When emails are archived, they are always assigned to individual users (the original owners of the emails). Every MailStore user has his or her own user archive which is created automatically upon setting up the new user account. For this reason, before any emails can be archived, the appropriate user accounts have to be created first.
Options for the Setup of New User Accounts
- Adding users manually (described here)
- Synchronizing User Accounts with Active Directory
- Synchronizing User Accounts with an Application Integration Server
- Synchronizing User Accounts with an IceWarp Server
- Synchronizing User Accounts with a Kerio Connect Server
- Synchronizing User Accounts with a generic LDAP Server
- Synchronizing User Accounts with MDaemon USERLIST.DAT
Opening User Management
Log on to MailStore Client as administrator. Click on Administrative Tools > Users and Archives > Users.
Creating a New User
Click on Create New and enter a login name for the new user. This could be a combination of first and last name, for example. Click on OK to confirm. In the next window, additional settings may be specified. Again, click on OK to confirm the new settings.
The user is added to the list of users and can be edited at any time, as described in the following section.
Please note: The emails of a new user can be archived right away, no additional settings have to be specified. However, for the user to be able to log on to MailStore Client, a password has to be created (in the case of MailStore integrated authentication).
A password must meet the complexity rules. A password
- must be at least 10 characters long,
- must not contain the user name,
- must not contain the product name MailStore, the comparison is done case insensitive,
- must not contain the same character more than two times in a row,
- must have characters from at least 3 out of 5 character classes. These 5 character classes are:
- the upper case letters A-Z,
- the lower case letters a-z,
- the digits 0-9,
- the special characters !"#$%&'()*+,-./:;<=>?\[]@^_`{|}~ and the space character,
- characters that are neither upper case nor lower case, e.g. Chinese and Japanese characters.
Editing an Existing User Account
Select a user from the list and click on Properties.
- In the next window, the following settings can be specified:
- General Information
- Full Name: Enter first and last name of the user.
- Authentication: If choosing the setting MailStore-integrated, users have to use the password specified in user management when logging on to MailStore Client. Click on Commands... > Change Password... to set the password. Users can later change their passwords through the Manage Passwords feature in their installation of MailStore Client or using the Web Access.
Alternatively, the authentication Directory Services can be used. In this case, users can log on to MailStore using their directory service credential (e.g. Active Directory access data). - Multi-factor Authentication: The user is required to enter a another factor during the authentication phase.
- User is an Administrator: Only administrators have access to the administrative functions found in MailStore Client's Administrative Tools and in the management shell.
- Change Password: Only users with this privilege can change their passwords independently by using the button on the start page or the Web Access. Users without this privilege must use the password created by the administrator in user management (relevant with MailStore-integrated authentication).
- Log On Privileges
- Log on to MailStore Server: Only users with this privilege can log on to MailStore Server. Please note: Without this privilege, emails can still be archived for the respective user.
- Windows Client: The user is allowed to use the Windows Client.
- Web Access: The user is allowed to use the Web Access.
- Outlook Add-in: The user is allowed to use the Outlook Add-in.
- Scheduled Tasks / Cmd Cliet: The user is allowed to use scheduled tasks and the command line client of MailStore Client.
- IMAP: The user is allowed to access the archive using IMAP.
- Management API: The user is allowed to use the Management API. This option is only available for administrators. This option is unavailable in the SPE.
- Integration (optional)
- LDAP DN String: This information is needed if the user is to be authenticated through an LDAP based directory service such as Active Directory or other generic LDAP servers.
- Email Addresses: This information is only needed for the following archiving options: MailStore Gateway, Microsoft Exchange Journaling, Multidrop Mailbox and archiving multiple mailboxes synchronously.
- POP3 User Names: This information is only needed for archiving tasks using MailStore Gateway. If the POP3 user name does not match the user's email address, the user name has to be specified here.
- Privileges
- Privileges are described separately in section Specifying Privileges. As long as the appropriate privileges are not set, users are not able to delete any emails from the archive (even their own).
- Click on OK to apply the new settings.
Renaming Users
Select the user whose name you would like to change from the list of users and click on Rename. In the dialog window, enter the new user name and click OK.
Please note that the user archive must be renamed manually. The same applies to user privileges, archiving profiles, scheduled tasks, etc.
Deleting Users
Click on Administrative Tools > User and Archives and then on Users. Select the one or more users from the list, click on Delete and confirm the next dialog with OK.
Deleting a user has the following effects:
- Emails that were archived for that user are not being deleted. The corresponding user archive is still available in MailStore and can be accessed by the administrator or shared with other users through the privileges system (see below).
- Archiving and export profiles that belong to that user will be deleted. To preserve them, they have to be assigned to another user prior to the deletion.
- The user's license will be released. This license can be used to create a new user account.
Specifying Privileges
To specify the privileges for a user, click on Administrative Tools > Users and Archives and then on Users. Select the appropriate user from the list and click on Properties.
Please Note: If you highlight multiple users and click on Properties, you can change the privileges for all selected users in one step. Previously assigned privileges of the selected users to other archives will be removed and only the newly assigned privileges are applied.
The Following Privileges can be Assigned:
Archive Email
Only users with this privilege can execute archiving profiles independently and thereby archive emails to MailStore Server. Please note: An administrator can always archive emails for the user regardless of this setting. Please keep in mind that users can archive emails only if they have write-access to their MailStore user folders. This setting can be specified under Folder Access (described below).
- Unlimited - Users with this privilege can create and edit archiving profiles.
- Run existing profiles only - Users with this privilege can only execute already existing archiving profiles but can neither create new profiles nor modify existing ones.
- Manage profiles only - Users with this privilege can modify already existing archiving profiles and create new ones, but cannot run any profiles.
You can find additional information about this topic in chapter Working with Archiving Profiles
Export Email
Only users with this privilege can export emails from MailStore. Please see chapter Exporting Email for a description of the many options MailStore offers for email export.
- Unlimited - Users with this privilege can create and edit export profiles.
- Run existing profiles only - Users with this privilege can only execute already existing export profiles but can neither create new profiles nor modify existing ones.
- Manage profiles only - Users with this privilege can modify already existing export profiles and create new ones, but cannot run any profiles.
Additional information about this topic can be found in chapter Working with Export Profiles
Delete Email
Only users with this privilege can delete emails from their user archives. Please keep in mind that this privilege should only be granted with great care, because legal requirements are hard, if not impossible, to meet if users are allowed to delete their emails independently. Once deleted, emails can only be recovered by restoring a MailStore backup.
Folder Access (e.g. Access to the Emails of Other Users)
All main folders, which the current user has access to, are listed here. These folders correspond to the archives of individual MailStore users and contain all their archived emails. By default, users have only access to their own archives (to read and write, but not to delete). By clicking on Add New, the main folder of another user can be added to the list of folders accessible by the current user. Then the type of access to be permitted has to be specified.
The following options are available:
- Full Access
- Read
- Write
- Delete
From the users' perspective, the folders they have access to appear as entries in the folder structure of MailStore Client.
Please keep in mind that users can archive emails independently only if they have write-access to their own folders.
Overview of all Privileges Regarding Folder Access
To view all privileges regarding folder access, click on Administrative Tools > Users and Archives and then on Privileges.
The first column shows all user archives, the second column shows the MailStore users that have access to the respective user archive, and the third column lists the type of access privilege (e.g. Read, Write).
Orphaned archives are easily detectable, as the second and third column is empty.