Difference between revisions of "Users, Folders and Settings"

[unchecked revision][checked revision]
 
(34 intermediate revisions by 5 users not shown)
Line 1: Line 1:
= The MailStore Folder Structure =
+
== User Management ==
 
 
[[File:Accs_folders_01.png|right|200px]]
 
 
 
 
For each user, MailStore creates a folder on the highest level of the folder structure which corresponds to the archive of the respective user. It contains all emails that were archived for this user and is labeled ''My Archive''.
 
 
 
If the user has access to the archives of other MailStore users (as MailStore administrator, for example), their folders are listed as ''Archive of <User Name>'' under the top level folder ''Other Archives''
 
 
 
Below these main folders, the individual email sources (e.g. Microsoft Outlook or Exchange mailboxes) and their folder structures (e.g. ''Inbox'') are listed.
 
 
 
== Deleting Folders ==
 
 
 
Folders and the emails contained therein can only be deleted after the appropriate user privileges have been assigned explicitly by the administrator. If the folder to be deleted contains any subfolders, they will be deleted as well.
 
 
 
== Moving, Renaming, and Creating Folders Manually ==
 
 
 
Within MailStore, folders can be moved, renamed or created. Regular users can only do this within their own user archive, while MailStore administrators can move and rename folders beyond the boundaries of user archives.During the archiving process, MailStore adopts the folder structure and the folder names of the source (e.g. Microsoft Outlook).
 
 
 
Please note that moving large archives across the borders of user archives can take some time because the emails being moved have to be gathered by the full text index of the target user.
 
 
The features ''New Folder...'', ''Rename'' and ''Move to Folder...'' can be accessed by right-clicking on the corresponding archive folder.
 
 
If a MailStore administrator renames a user archive (Folder: ''Archive of <user name>'') without renaming the corresponding user, an empty archive will exist with this user name until it is changed.
 
 
 
== Deleting Emails ==
 
 
 
Highlight the emails to be deleted by clicking on the emails while holding down the control (''Ctrl'')key. Holding down the ''Ctrl'' key and pressing A will highlight all emails. Right-click on the highlighted item(s) and select ''Delete''. Users are only allowed to delete emails if they have received this privilege explicitly from the MailStore administrator.
 
 
 
<p class="msnote">Please keep in mind that allowing users to delete emails is not recommended; assigning such privileges makes it difficult, if not impossible, to comply with legal requirements regarding the storage of emails.</p>
 
 
 
== Moving Emails ==
 
 
 
Highlight the emails to be moved by clicking on the emails while holding down the control (''Ctrl'') key. Holding down the ''Ctrl'' key and pressing ''A'' will highlight all emails. Right-click on the highlighted item(s), select ''Move To Folder...'' and select a destination folder. Alternatively, drag and drop the highlighted emails into the destination folder. Emails can only be moved within a user archive unless you are a MailStore administrator.
 
 
 
= User Management =
 
 
 
 
When emails are archived, they are always assigned to individual users (the original owners of the emails). Every MailStore user has his or her own user archive which is created automatically upon setting up the new user account. For this reason, before any emails can be archived, the appropriate user accounts have to be created first.
 
When emails are archived, they are always assigned to individual users (the original owners of the emails). Every MailStore user has his or her own user archive which is created automatically upon setting up the new user account. For this reason, before any emails can be archived, the appropriate user accounts have to be created first.
  
== Options for the Setup of New User Accounts ==
+
=== Options for the Setup of New User Accounts ===
 
 
 
* Adding users manually (described here)
 
* Adding users manually (described here)
 
* Synchronizing User Accounts with [[Active_Directory_Integration|Active Directory]]
 
* Synchronizing User Accounts with [[Active_Directory_Integration|Active Directory]]
 +
* Synchronizing User Accounts with an [[Application Integration|Application Integration Server]]
 
* Synchronizing User Accounts with an [[IceWarp Server Integration|IceWarp Server]]
 
* Synchronizing User Accounts with an [[IceWarp Server Integration|IceWarp Server]]
 
* Synchronizing User Accounts with a [[Kerio Connect Integration|Kerio Connect Server]]
 
* Synchronizing User Accounts with a [[Kerio Connect Integration|Kerio Connect Server]]
Line 47: Line 11:
 
* Synchronizing User Accounts with [[MDaemon_Integration|MDaemon USERLIST.DAT]]
 
* Synchronizing User Accounts with [[MDaemon_Integration|MDaemon USERLIST.DAT]]
  
== Opening User Management ==
+
=== Opening User Management ===
 
+
Log on to MailStore Client as administrator. Click on ''Administrative Tools'' > ''Users and Archives'' > ''Users''.
Log on to MailStore Client as administrator. Click on ''Administrative Tools'' and then on ''Users''.
 
 
 
== Creating a New User ==
 
  
 +
=== Creating a New User ===
 
Click on ''Create New'' and enter a login name for the new user. This could be a combination of first and last name, for example. Click on ''OK'' to confirm. In the next window, additional settings may be specified. Again, click on ''OK'' to confirm the new settings.
 
Click on ''Create New'' and enter a login name for the new user. This could be a combination of first and last name, for example. Click on ''OK'' to confirm. In the next window, additional settings may be specified. Again, click on ''OK'' to confirm the new settings.
  
 
The user is added to the list of users and can be edited at any time, as described in the following section.
 
The user is added to the list of users and can be edited at any time, as described in the following section.
  
'''Please note:''' The emails for a new user can be archived right away, no additional settings have to be specified. However, for the user to be able to log on to MailStore Client, a password has to be created (in the case of MailStore integrated authentication).
+
'''Please note:''' The emails of a new user can be archived right away, no additional settings have to be specified. However, for the user to be able to log on to MailStore Client, a password has to be created (in the case of MailStore integrated authentication).
  
== Editing an Existing User Account ==
+
A password must meet the complexity rules. A password
  
 +
{{Notes_on_Password_Complexity}}
 +
 +
=== Editing an Existing User Account ===
 
Select a user from the list and click on ''Properties''.
 
Select a user from the list and click on ''Properties''.
  
Line 69: Line 34:
 
:'''General Information '''
 
:'''General Information '''
 
:*'''Full Name:''' Enter first and last name of the user.
 
:*'''Full Name:''' Enter first and last name of the user.
:*'''Authentication:''' If choosing the setting ''MailStore-integrated'', users have to use the password specified in user management when logging on to MailStore Client. Click on ''Password...'' to set the password. Users can later change their passwords through Administrative Tools in their installation of MailStore Client.<br/><br/>Alternatively, the authentication ''Directory Services'' can be used. In this case, users can log on to MailStore using their directory service credential (e.g. Active Directory access data).
+
:*'''Authentication:''' If choosing the setting ''MailStore-integrated'', users have to use the password specified in user management when logging on to MailStore Client. Click on ''Commands...'' > ''Change Password...'' to set the password. Users can later change their passwords through the ''Manage Passwords'' feature in their installation of MailStore Client or using the Web Access.<br/>Alternatively, the authentication ''Directory Services'' can be used. In this case, users can log on to MailStore using their directory service credential (e.g. Active Directory access data).
:*'''User is an Administrator:''' Only administrators have access to the administrative functions found in MailStore Client's Administrative Tools and in the Management Shell.
+
:*'''Multi-factor Authentication:''' The user is required to enter a [[Multi-factor Authentication|another factor]] during the authentication phase.
 +
:*'''User is an Administrator:''' Only administrators have access to the administrative functions found in MailStore Client's ''Administrative Tools'' and in the management shell.
 +
:*'''Change Password:''' Only users with this privilege can change their passwords independently by using the button on the start page or the Web Access. Users without this privilege must use the password created by the administrator in user management (relevant with MailStore-integrated authentication).
  
:'''Integration'''
+
:'''Log On Privileges'''
:*'''Windows User Name:''' This information is only needed if single sign-on is to be available to the user. In this case, after logging on to Windows, no additional login is required for starting MailStore Client.
+
:* '''Log on to MailStore Server:''' Only users with this privilege can log on to MailStore Server. Please note: Without this privilege, emails can still be archived for the respective user.
:*'''Email Addresses:''' This information is only needed for the following archiving options: MailStore Proxy Server, Microsoft Exchange Journaling, and archiving multiple Exchange mailboxes synchronously.
+
:*'''Windows Client:''' The user is allowed to use the Windows Client.
:*'''POP3 User Names:''' This information is only needed for archiving tasks using MailStore Proxy. If the POP3 user name does not match the user's email address, the user name has to be specified here.
+
:*'''Web Access:''' The user is allowed to use the Web Access.
 +
:*'''Outlook Add-in:''' The user is allowed to use the Outlook Add-in.
 +
:*'''Scheduled Tasks / Cmd Cliet:''' The user is allowed to use scheduled tasks and the command line client of MailStore Client.
 +
:*'''IMAP:''' The user is allowed to access the archive using IMAP.
 +
:*'''Management API:''' The user is allowed to use the Management API. This option is only available for administrators. This option is unavailable in the SPE.
 +
 
 +
:'''Integration (optional)'''
 +
:* '''LDAP DN String:''' This information is needed if the user is to be authenticated through an LDAP based directory service such as Active Directory or other generic LDAP servers.
 +
:*'''Email Addresses:''' This information is only needed for the following archiving options: MailStore Gateway, Microsoft Exchange Journaling, Multidrop Mailbox and archiving multiple mailboxes synchronously.
 +
:*'''POP3 User Names:''' This information is only needed for archiving tasks using MailStore Gateway. If the POP3 user name does not match the user's email address, the user name has to be specified here.
  
 
:'''Privileges'''  
 
:'''Privileges'''  
Line 82: Line 58:
 
* Click on ''OK'' to apply the new settings.
 
* Click on ''OK'' to apply the new settings.
  
== Deleting Users ==
+
=== Renaming Users ===
 
+
Select the user whose name you would like to change from the list of users and click on ''Rename''. In the dialog window, enter the new user name and click ''OK''.
Click on ''Administrative Tools'' > ''User and Privileges'' and then on ''Users''. Select the appropriate user from the list and click on ''Delete''.
+
 +
Please note that the user archive must be renamed manually. The same applies to user privileges, archiving profiles, scheduled tasks, etc.
  
'''Deleting a user does not delete the emails that were archived for that user. The corresponding user archive, including all emails, is still available in MailStore and can be accessed by the administrator.'''
+
=== Deleting Users ===
 +
Click on ''Administrative Tools'' > ''User and Archives'' and then on ''Users''. Select the one or more users from the list, click on ''Delete'' and confirm the next dialog with ''OK''.
  
Deleting a user releases the corresponding user license (despite the remaining user archive). This  license can be used to create a new user account.
+
Deleting a user has the following effects:
 +
* Emails that were archived for that user are not being deleted. The corresponding user archive is still available in MailStore and can be accessed by the administrator or shared with other users through the privileges system (see below).
 +
* Archiving and export profiles that belong to that user will be deleted. To preserve them, they have to be assigned to another user prior to the deletion.
 +
* The user's license will be released. This  license can be used to create a new user account.
  
= Specifying Privileges =
+
== Specifying Privileges ==
 +
To specify the privileges for a user, click on ''Administrative Tools'' > ''Users and Archives'' and then on ''Users''. Select the appropriate user from the list and click on ''Properties''.
  
To specify the privileges for a user, click on ''Administrative Tools'' > ''Users and Privileges'' and then on ''Users''. Select the appropriate user from the list and click on ''Properties''.
+
'''Please Note:''' If you highlight multiple users and click on ''Properties'', you can change the privileges for all selected users in one step. Previously assigned privileges of the selected users to other archives will be removed and only the newly assigned privileges are applied.
  
 
[[File:umgm_privileges_01.png|center|400px]]
 
[[File:umgm_privileges_01.png|center|400px]]
  
== The Following Privileges can be Assigned: ==
+
=== The Following Privileges can be Assigned: ===
 
 
'''Log on to MailStore Server'''<br/>
 
Only users with this privilege can log on to MailStore Server through MailStore Client. Please note: Without this privilege, emails can still be archived for the respective user.
 
 
 
'''Change Password'''<br/>
 
Only users with this privilege can change their passwords independently in MailStore's ''Administrative Tools'' under ''Change Password''. Users without this privilege must use the password created by the administrator in user management (relevant with MailStore-integrated authentication).
 
 
 
 
'''Archive Email'''<br/>
 
'''Archive Email'''<br/>
Only users with this privilege can execute archive profiles independently and thereby archive emails to MailStore Server. '''Please note:''' An administrator can always archive emails for the user regardless of this setting. Please keep in mind that users can archive emails only if they have write-access to their MailStore user folders. This setting can be specified under ''Folder Access'' (described below).
+
Only users with this privilege can execute archiving profiles independently and thereby archive emails to MailStore Server. '''Please note:''' An administrator can always archive emails for the user regardless of this setting. Please keep in mind that users can archive emails only if they have write-access to their MailStore user folders. This setting can be specified under ''Folder Access'' (described below).
  
 
: '''Unlimited''' - Users with this privilege can create and edit archiving profiles.  
 
: '''Unlimited''' - Users with this privilege can create and edit archiving profiles.  
: '''Run existing profiles only''' - Users with this privilege can only execute already existing archiving profiles but not create new profiles nor modify existing ones.
+
: '''Run existing profiles only''' - Users with this privilege can only execute already existing archiving profiles but can neither create new profiles nor modify existing ones.
: '''Manage profiles only''' - Users with this privilege can only modify already existing archiving profiles but not create new profiles or run existing ones.
+
: '''Manage profiles only''' - Users with this privilege can modify already existing archiving profiles and create new ones, but cannot run any profiles.
  
Additional information on this can be in chapter [[Email_Archiving_with_MailStore_Basics#Working_with_Archiving_Profiles|Working with Archiving Profiles]]
+
You can find additional information about this topic in chapter [[Email_Archiving_with_MailStore_Basics#Working_with_Archiving_Profiles|Working with Archiving Profiles]]
  
 
'''Export Email'''<br/>
 
'''Export Email'''<br/>
Line 117: Line 92:
  
 
: '''Unlimited''' - Users with this privilege can create and edit export profiles.  
 
: '''Unlimited''' - Users with this privilege can create and edit export profiles.  
: '''Run existing profiles only''' - Users with this privilege can only execute already existing export profiles but not create new profiles nor modify existing ones.
+
: '''Run existing profiles only''' - Users with this privilege can only execute already existing export profiles but can neither create new profiles nor modify existing ones.
: '''Manage profiles only''' - Users with this privilege can only modify already existing export profiles but not create new profiles or run existing ones.
+
: '''Manage profiles only''' - Users with this privilege can modify already existing export profiles and create new ones, but cannot run any profiles.
  
Additional information on this can be in chapter [[Exporting_Email#Working_with_Export_Profiles|Working with Export Profiles]]  
+
Additional information about this topic can be found in chapter [[Exporting_Email#Working_with_Export_Profiles|Working with Export Profiles]]  
  
 
'''Delete Email'''<br/>
 
'''Delete Email'''<br/>
 
Only users with this privilege can delete emails from their user archives. Please keep in mind that this privilege should only be granted with great care, because legal requirements are hard, if not impossible, to meet if users are allowed to delete their emails independently. Once deleted, emails can only be recovered by restoring a MailStore backup.
 
Only users with this privilege can delete emails from their user archives. Please keep in mind that this privilege should only be granted with great care, because legal requirements are hard, if not impossible, to meet if users are allowed to delete their emails independently. Once deleted, emails can only be recovered by restoring a MailStore backup.
  
== Folder Access (e.g. Access to the Emails of Other Users) ==
+
=== Folder Access (e.g. Access to the Emails of Other Users) ===
 
 
 
All main folders, which the current user has access to, are listed here. These folders correspond to the archives of individual MailStore users and contain all their archived emails. By default, users have only access to their own archives (to read and write, but not to delete). By clicking on ''Add New'', the main folder of another user can be added to the list of folders accessible by the current user. Then the type of access to be permitted has to be specified.
 
All main folders, which the current user has access to, are listed here. These folders correspond to the archives of individual MailStore users and contain all their archived emails. By default, users have only access to their own archives (to read and write, but not to delete). By clicking on ''Add New'', the main folder of another user can be added to the list of folders accessible by the current user. Then the type of access to be permitted has to be specified.
  
Line 136: Line 110:
 
* Delete  
 
* Delete  
  
From the users' perspective, the folders they have access to appear as entries in the folder structure of MailStore Client. Please refer to chapter [[Users,_Folders_and_Settings#The_MailStore_Folder_Structure|The MailStore Folder Structure]] for more information.
+
From the users' perspective, the folders they have access to appear as entries in the folder structure of MailStore Client.
  
 
Please keep in mind that users can archive emails independently only if they have write-access to their own folders.
 
Please keep in mind that users can archive emails independently only if they have write-access to their own folders.
  
== Overview of all Privileges Regarding Folder Access ==
+
=== Overview of all Privileges Regarding Folder Access ===
 
+
To view all privileges regarding folder access, click on ''Administrative Tools'' > ''Users and Archives'' and then on ''Privileges''.
To view all privileges regarding folder access, click on ''Administrative Tools'' > ''Users and Privileges'' and then on ''Privileges''.
 
  
 
[[File:umgm_privileges_02.png|center|450px]]
 
[[File:umgm_privileges_02.png|center|450px]]
  
 
The first column shows all user archives, the second column shows the MailStore users that have access to the respective user archive, and the third column lists the type of access privilege (e.g. Read, Write).
 
The first column shows all user archives, the second column shows the MailStore users that have access to the respective user archive, and the third column lists the type of access privilege (e.g. Read, Write).
 +
 +
Orphaned archives are easily detectable, as the second and third column is empty.
 +
 
[[de:Benutzer,_Archive_und_Berechtigungen]]
 
[[de:Benutzer,_Archive_und_Berechtigungen]]
 +
[[en:Users, Folders and Settings]]

Latest revision as of 15:25, 3 April 2024

User Management

When emails are archived, they are always assigned to individual users (the original owners of the emails). Every MailStore user has his or her own user archive which is created automatically upon setting up the new user account. For this reason, before any emails can be archived, the appropriate user accounts have to be created first.

Options for the Setup of New User Accounts

Opening User Management

Log on to MailStore Client as administrator. Click on Administrative Tools > Users and Archives > Users.

Creating a New User

Click on Create New and enter a login name for the new user. This could be a combination of first and last name, for example. Click on OK to confirm. In the next window, additional settings may be specified. Again, click on OK to confirm the new settings.

The user is added to the list of users and can be edited at any time, as described in the following section.

Please note: The emails of a new user can be archived right away, no additional settings have to be specified. However, for the user to be able to log on to MailStore Client, a password has to be created (in the case of MailStore integrated authentication).

A password must meet the complexity rules. A password

  • must be at least 10 characters long,
  • must not contain the user name,
  • must not contain the product name MailStore, the comparison is done case insensitive,
  • must not contain the same character more than two times in a row,
  • must have characters from at least 3 out of 5 character classes. These 5 character classes are:
    • the upper case letters A-Z,
    • the lower case letters a-z,
    • the digits 0-9,
    • the special characters !"#$%&'()*+,-./:;<=>?\[]@^_`{|}~ and the space character,
    • characters that are neither upper case nor lower case, e.g. Chinese and Japanese characters.


Editing an Existing User Account

Select a user from the list and click on Properties.

Umgm users 02.png
  • In the next window, the following settings can be specified:
General Information
  • Full Name: Enter first and last name of the user.
  • Authentication: If choosing the setting MailStore-integrated, users have to use the password specified in user management when logging on to MailStore Client. Click on Commands... > Change Password... to set the password. Users can later change their passwords through the Manage Passwords feature in their installation of MailStore Client or using the Web Access.
    Alternatively, the authentication Directory Services can be used. In this case, users can log on to MailStore using their directory service credential (e.g. Active Directory access data).
  • Multi-factor Authentication: The user is required to enter a another factor during the authentication phase.
  • User is an Administrator: Only administrators have access to the administrative functions found in MailStore Client's Administrative Tools and in the management shell.
  • Change Password: Only users with this privilege can change their passwords independently by using the button on the start page or the Web Access. Users without this privilege must use the password created by the administrator in user management (relevant with MailStore-integrated authentication).
Log On Privileges
  • Log on to MailStore Server: Only users with this privilege can log on to MailStore Server. Please note: Without this privilege, emails can still be archived for the respective user.
  • Windows Client: The user is allowed to use the Windows Client.
  • Web Access: The user is allowed to use the Web Access.
  • Outlook Add-in: The user is allowed to use the Outlook Add-in.
  • Scheduled Tasks / Cmd Cliet: The user is allowed to use scheduled tasks and the command line client of MailStore Client.
  • IMAP: The user is allowed to access the archive using IMAP.
  • Management API: The user is allowed to use the Management API. This option is only available for administrators. This option is unavailable in the SPE.
Integration (optional)
  • LDAP DN String: This information is needed if the user is to be authenticated through an LDAP based directory service such as Active Directory or other generic LDAP servers.
  • Email Addresses: This information is only needed for the following archiving options: MailStore Gateway, Microsoft Exchange Journaling, Multidrop Mailbox and archiving multiple mailboxes synchronously.
  • POP3 User Names: This information is only needed for archiving tasks using MailStore Gateway. If the POP3 user name does not match the user's email address, the user name has to be specified here.
Privileges
Privileges are described separately in section Specifying Privileges. As long as the appropriate privileges are not set, users are not able to delete any emails from the archive (even their own).
  • Click on OK to apply the new settings.

Renaming Users

Select the user whose name you would like to change from the list of users and click on Rename. In the dialog window, enter the new user name and click OK.

Please note that the user archive must be renamed manually. The same applies to user privileges, archiving profiles, scheduled tasks, etc.

Deleting Users

Click on Administrative Tools > User and Archives and then on Users. Select the one or more users from the list, click on Delete and confirm the next dialog with OK.

Deleting a user has the following effects:

  • Emails that were archived for that user are not being deleted. The corresponding user archive is still available in MailStore and can be accessed by the administrator or shared with other users through the privileges system (see below).
  • Archiving and export profiles that belong to that user will be deleted. To preserve them, they have to be assigned to another user prior to the deletion.
  • The user's license will be released. This license can be used to create a new user account.

Specifying Privileges

To specify the privileges for a user, click on Administrative Tools > Users and Archives and then on Users. Select the appropriate user from the list and click on Properties.

Please Note: If you highlight multiple users and click on Properties, you can change the privileges for all selected users in one step. Previously assigned privileges of the selected users to other archives will be removed and only the newly assigned privileges are applied.

Umgm privileges 01.png

The Following Privileges can be Assigned:

Archive Email
Only users with this privilege can execute archiving profiles independently and thereby archive emails to MailStore Server. Please note: An administrator can always archive emails for the user regardless of this setting. Please keep in mind that users can archive emails only if they have write-access to their MailStore user folders. This setting can be specified under Folder Access (described below).

Unlimited - Users with this privilege can create and edit archiving profiles.
Run existing profiles only - Users with this privilege can only execute already existing archiving profiles but can neither create new profiles nor modify existing ones.
Manage profiles only - Users with this privilege can modify already existing archiving profiles and create new ones, but cannot run any profiles.

You can find additional information about this topic in chapter Working with Archiving Profiles

Export Email
Only users with this privilege can export emails from MailStore. Please see chapter Exporting Email for a description of the many options MailStore offers for email export.

Unlimited - Users with this privilege can create and edit export profiles.
Run existing profiles only - Users with this privilege can only execute already existing export profiles but can neither create new profiles nor modify existing ones.
Manage profiles only - Users with this privilege can modify already existing export profiles and create new ones, but cannot run any profiles.

Additional information about this topic can be found in chapter Working with Export Profiles

Delete Email
Only users with this privilege can delete emails from their user archives. Please keep in mind that this privilege should only be granted with great care, because legal requirements are hard, if not impossible, to meet if users are allowed to delete their emails independently. Once deleted, emails can only be recovered by restoring a MailStore backup.

Folder Access (e.g. Access to the Emails of Other Users)

All main folders, which the current user has access to, are listed here. These folders correspond to the archives of individual MailStore users and contain all their archived emails. By default, users have only access to their own archives (to read and write, but not to delete). By clicking on Add New, the main folder of another user can be added to the list of folders accessible by the current user. Then the type of access to be permitted has to be specified.

The following options are available:

  • Full Access
  • Read
  • Write
  • Delete

From the users' perspective, the folders they have access to appear as entries in the folder structure of MailStore Client.

Please keep in mind that users can archive emails independently only if they have write-access to their own folders.

Overview of all Privileges Regarding Folder Access

To view all privileges regarding folder access, click on Administrative Tools > Users and Archives and then on Privileges.

Umgm privileges 02.png

The first column shows all user archives, the second column shows the MailStore users that have access to the respective user archive, and the third column lists the type of access privilege (e.g. Read, Write).

Orphaned archives are easily detectable, as the second and third column is empty.