Difference between revisions of "Users, Folders and Settings"

[unchecked revision][checked revision]
 
(13 intermediate revisions by 3 users not shown)
Line 21: Line 21:
 
'''Please note:''' The emails of a new user can be archived right away, no additional settings have to be specified. However, for the user to be able to log on to MailStore Client, a password has to be created (in the case of MailStore integrated authentication).
 
'''Please note:''' The emails of a new user can be archived right away, no additional settings have to be specified. However, for the user to be able to log on to MailStore Client, a password has to be created (in the case of MailStore integrated authentication).
  
A password must meet the complexity rules. A password must
+
A password must meet the complexity rules. A password
  
 
{{Notes_on_Password_Complexity}}
 
{{Notes_on_Password_Complexity}}
Line 34: Line 34:
 
:'''General Information '''
 
:'''General Information '''
 
:*'''Full Name:''' Enter first and last name of the user.
 
:*'''Full Name:''' Enter first and last name of the user.
:*'''Authentication:''' If choosing the setting ''MailStore-integrated'', users have to use the password specified in user management when logging on to MailStore Client. Click on ''Password...'' to set the password. Users can later change their passwords through the ''Administrative Tools'' in their installation of MailStore Client.<br/><br/>Alternatively, the authentication ''Directory Services'' can be used. In this case, users can log on to MailStore using their directory service credential (e.g. Active Directory access data).
+
:*'''Authentication:''' If choosing the setting ''MailStore-integrated'', users have to use the password specified in user management when logging on to MailStore Client. Click on ''Commands...'' > ''Change Password...'' to set the password. Users can later change their passwords through the ''Manage Passwords'' feature in their installation of MailStore Client or using the Web Access.<br/>Alternatively, the authentication ''Directory Services'' can be used. In this case, users can log on to MailStore using their directory service credential (e.g. Active Directory access data).
 +
:*'''Multi-factor Authentication:''' The user is required to enter a [[Multi-factor Authentication|another factor]] during the authentication phase.
 
:*'''User is an Administrator:''' Only administrators have access to the administrative functions found in MailStore Client's ''Administrative Tools'' and in the management shell.
 
:*'''User is an Administrator:''' Only administrators have access to the administrative functions found in MailStore Client's ''Administrative Tools'' and in the management shell.
 +
:*'''Change Password:''' Only users with this privilege can change their passwords independently by using the button on the start page or the Web Access. Users without this privilege must use the password created by the administrator in user management (relevant with MailStore-integrated authentication).
 +
 +
:'''Log On Privileges'''
 +
:* '''Log on to MailStore Server:''' Only users with this privilege can log on to MailStore Server. Please note: Without this privilege, emails can still be archived for the respective user.
 +
:*'''Windows Client:''' The user is allowed to use the Windows Client.
 +
:*'''Web Access:''' The user is allowed to use the Web Access.
 +
:*'''Outlook Add-in:''' The user is allowed to use the Outlook Add-in.
 +
:*'''Scheduled Tasks / Cmd Cliet:''' The user is allowed to use scheduled tasks and the command line client of MailStore Client.
 +
:*'''IMAP:''' The user is allowed to access the archive using IMAP.
 +
:*'''Management API:''' The user is allowed to use the Management API. This option is only available for administrators. This option is unavailable in the SPE.
  
 
:'''Integration (optional)'''
 
:'''Integration (optional)'''
 
:* '''LDAP DN String:''' This information is needed if the user is to be authenticated through an LDAP based directory service such as Active Directory or other generic LDAP servers.
 
:* '''LDAP DN String:''' This information is needed if the user is to be authenticated through an LDAP based directory service such as Active Directory or other generic LDAP servers.
:*'''Email Addresses:''' This information is only needed for the following archiving options: MailStore Proxy Server, Microsoft Exchange Journaling, and archiving multiple Exchange mailboxes synchronously.
+
:*'''Email Addresses:''' This information is only needed for the following archiving options: MailStore Gateway, Microsoft Exchange Journaling, Multidrop Mailbox and archiving multiple mailboxes synchronously.
:*'''POP3 User Names:''' This information is only needed for archiving tasks using MailStore Proxy. If the POP3 user name does not match the user's email address, the user name has to be specified here.
+
:*'''POP3 User Names:''' This information is only needed for archiving tasks using MailStore Gateway. If the POP3 user name does not match the user's email address, the user name has to be specified here.
  
 
:'''Privileges'''  
 
:'''Privileges'''  
Line 63: Line 74:
 
To specify the privileges for a user, click on ''Administrative Tools'' > ''Users and Archives'' and then on ''Users''. Select the appropriate user from the list and click on ''Properties''.
 
To specify the privileges for a user, click on ''Administrative Tools'' > ''Users and Archives'' and then on ''Users''. Select the appropriate user from the list and click on ''Properties''.
  
'''Please Note:''' If you highlight multiple users and click on ''Properties'', you can change the privileges for all selected users in one step.
+
'''Please Note:''' If you highlight multiple users and click on ''Properties'', you can change the privileges for all selected users in one step. Previously assigned privileges of the selected users to other archives will be removed and only the newly assigned privileges are applied.
  
 
[[File:umgm_privileges_01.png|center|400px]]
 
[[File:umgm_privileges_01.png|center|400px]]
  
 
=== The Following Privileges can be Assigned: ===
 
=== The Following Privileges can be Assigned: ===
'''Log on to MailStore Server'''<br/>
 
Only users with this privilege can log on to MailStore Server through MailStore Client. Please note: Without this privilege, emails can still be archived for the respective user.
 
 
'''Change Password'''<br/>
 
Only users with this privilege can change their passwords independently in MailStore's ''Administrative Tools'' under ''Change Password''. Users without this privilege must use the password created by the administrator in user management (relevant with MailStore-integrated authentication).
 
 
 
'''Archive Email'''<br/>
 
'''Archive Email'''<br/>
 
Only users with this privilege can execute archiving profiles independently and thereby archive emails to MailStore Server. '''Please note:''' An administrator can always archive emails for the user regardless of this setting. Please keep in mind that users can archive emails only if they have write-access to their MailStore user folders. This setting can be specified under ''Folder Access'' (described below).
 
Only users with this privilege can execute archiving profiles independently and thereby archive emails to MailStore Server. '''Please note:''' An administrator can always archive emails for the user regardless of this setting. Please keep in mind that users can archive emails only if they have write-access to their MailStore user folders. This setting can be specified under ''Folder Access'' (described below).
Line 105: Line 110:
 
* Delete  
 
* Delete  
  
From the users' perspective, the folders they have access to appear as entries in the folder structure of MailStore Client. Please refer to section [[Users,_Folders_and_Settings#The_MailStore_Folder_Structure|The MailStore Folder Structure]] for more information.
+
From the users' perspective, the folders they have access to appear as entries in the folder structure of MailStore Client.
  
 
Please keep in mind that users can archive emails independently only if they have write-access to their own folders.
 
Please keep in mind that users can archive emails independently only if they have write-access to their own folders.
Line 115: Line 120:
  
 
The first column shows all user archives, the second column shows the MailStore users that have access to the respective user archive, and the third column lists the type of access privilege (e.g. Read, Write).
 
The first column shows all user archives, the second column shows the MailStore users that have access to the respective user archive, and the third column lists the type of access privilege (e.g. Read, Write).
 +
 +
Orphaned archives are easily detectable, as the second and third column is empty.
  
 
[[de:Benutzer,_Archive_und_Berechtigungen]]
 
[[de:Benutzer,_Archive_und_Berechtigungen]]
 
[[en:Users, Folders and Settings]]
 
[[en:Users, Folders and Settings]]

Latest revision as of 15:25, 3 April 2024

User Management

When emails are archived, they are always assigned to individual users (the original owners of the emails). Every MailStore user has his or her own user archive which is created automatically upon setting up the new user account. For this reason, before any emails can be archived, the appropriate user accounts have to be created first.

Options for the Setup of New User Accounts

Opening User Management

Log on to MailStore Client as administrator. Click on Administrative Tools > Users and Archives > Users.

Creating a New User

Click on Create New and enter a login name for the new user. This could be a combination of first and last name, for example. Click on OK to confirm. In the next window, additional settings may be specified. Again, click on OK to confirm the new settings.

The user is added to the list of users and can be edited at any time, as described in the following section.

Please note: The emails of a new user can be archived right away, no additional settings have to be specified. However, for the user to be able to log on to MailStore Client, a password has to be created (in the case of MailStore integrated authentication).

A password must meet the complexity rules. A password

  • must be at least 10 characters long,
  • must not contain the user name,
  • must not contain the product name MailStore, the comparison is done case insensitive,
  • must not contain the same character more than two times in a row,
  • must have characters from at least 3 out of 5 character classes. These 5 character classes are:
    • the upper case letters A-Z,
    • the lower case letters a-z,
    • the digits 0-9,
    • the special characters !"#$%&'()*+,-./:;<=>?\[]@^_`{|}~ and the space character,
    • characters that are neither upper case nor lower case, e.g. Chinese and Japanese characters.


Editing an Existing User Account

Select a user from the list and click on Properties.

Umgm users 02.png
  • In the next window, the following settings can be specified:
General Information
  • Full Name: Enter first and last name of the user.
  • Authentication: If choosing the setting MailStore-integrated, users have to use the password specified in user management when logging on to MailStore Client. Click on Commands... > Change Password... to set the password. Users can later change their passwords through the Manage Passwords feature in their installation of MailStore Client or using the Web Access.
    Alternatively, the authentication Directory Services can be used. In this case, users can log on to MailStore using their directory service credential (e.g. Active Directory access data).
  • Multi-factor Authentication: The user is required to enter a another factor during the authentication phase.
  • User is an Administrator: Only administrators have access to the administrative functions found in MailStore Client's Administrative Tools and in the management shell.
  • Change Password: Only users with this privilege can change their passwords independently by using the button on the start page or the Web Access. Users without this privilege must use the password created by the administrator in user management (relevant with MailStore-integrated authentication).
Log On Privileges
  • Log on to MailStore Server: Only users with this privilege can log on to MailStore Server. Please note: Without this privilege, emails can still be archived for the respective user.
  • Windows Client: The user is allowed to use the Windows Client.
  • Web Access: The user is allowed to use the Web Access.
  • Outlook Add-in: The user is allowed to use the Outlook Add-in.
  • Scheduled Tasks / Cmd Cliet: The user is allowed to use scheduled tasks and the command line client of MailStore Client.
  • IMAP: The user is allowed to access the archive using IMAP.
  • Management API: The user is allowed to use the Management API. This option is only available for administrators. This option is unavailable in the SPE.
Integration (optional)
  • LDAP DN String: This information is needed if the user is to be authenticated through an LDAP based directory service such as Active Directory or other generic LDAP servers.
  • Email Addresses: This information is only needed for the following archiving options: MailStore Gateway, Microsoft Exchange Journaling, Multidrop Mailbox and archiving multiple mailboxes synchronously.
  • POP3 User Names: This information is only needed for archiving tasks using MailStore Gateway. If the POP3 user name does not match the user's email address, the user name has to be specified here.
Privileges
Privileges are described separately in section Specifying Privileges. As long as the appropriate privileges are not set, users are not able to delete any emails from the archive (even their own).
  • Click on OK to apply the new settings.

Renaming Users

Select the user whose name you would like to change from the list of users and click on Rename. In the dialog window, enter the new user name and click OK.

Please note that the user archive must be renamed manually. The same applies to user privileges, archiving profiles, scheduled tasks, etc.

Deleting Users

Click on Administrative Tools > User and Archives and then on Users. Select the one or more users from the list, click on Delete and confirm the next dialog with OK.

Deleting a user has the following effects:

  • Emails that were archived for that user are not being deleted. The corresponding user archive is still available in MailStore and can be accessed by the administrator or shared with other users through the privileges system (see below).
  • Archiving and export profiles that belong to that user will be deleted. To preserve them, they have to be assigned to another user prior to the deletion.
  • The user's license will be released. This license can be used to create a new user account.

Specifying Privileges

To specify the privileges for a user, click on Administrative Tools > Users and Archives and then on Users. Select the appropriate user from the list and click on Properties.

Please Note: If you highlight multiple users and click on Properties, you can change the privileges for all selected users in one step. Previously assigned privileges of the selected users to other archives will be removed and only the newly assigned privileges are applied.

Umgm privileges 01.png

The Following Privileges can be Assigned:

Archive Email
Only users with this privilege can execute archiving profiles independently and thereby archive emails to MailStore Server. Please note: An administrator can always archive emails for the user regardless of this setting. Please keep in mind that users can archive emails only if they have write-access to their MailStore user folders. This setting can be specified under Folder Access (described below).

Unlimited - Users with this privilege can create and edit archiving profiles.
Run existing profiles only - Users with this privilege can only execute already existing archiving profiles but can neither create new profiles nor modify existing ones.
Manage profiles only - Users with this privilege can modify already existing archiving profiles and create new ones, but cannot run any profiles.

You can find additional information about this topic in chapter Working with Archiving Profiles

Export Email
Only users with this privilege can export emails from MailStore. Please see chapter Exporting Email for a description of the many options MailStore offers for email export.

Unlimited - Users with this privilege can create and edit export profiles.
Run existing profiles only - Users with this privilege can only execute already existing export profiles but can neither create new profiles nor modify existing ones.
Manage profiles only - Users with this privilege can modify already existing export profiles and create new ones, but cannot run any profiles.

Additional information about this topic can be found in chapter Working with Export Profiles

Delete Email
Only users with this privilege can delete emails from their user archives. Please keep in mind that this privilege should only be granted with great care, because legal requirements are hard, if not impossible, to meet if users are allowed to delete their emails independently. Once deleted, emails can only be recovered by restoring a MailStore backup.

Folder Access (e.g. Access to the Emails of Other Users)

All main folders, which the current user has access to, are listed here. These folders correspond to the archives of individual MailStore users and contain all their archived emails. By default, users have only access to their own archives (to read and write, but not to delete). By clicking on Add New, the main folder of another user can be added to the list of folders accessible by the current user. Then the type of access to be permitted has to be specified.

The following options are available:

  • Full Access
  • Read
  • Write
  • Delete

From the users' perspective, the folders they have access to appear as entries in the folder structure of MailStore Client.

Please keep in mind that users can archive emails independently only if they have write-access to their own folders.

Overview of all Privileges Regarding Folder Access

To view all privileges regarding folder access, click on Administrative Tools > Users and Archives and then on Privileges.

Umgm privileges 02.png

The first column shows all user archives, the second column shows the MailStore users that have access to the respective user archive, and the third column lists the type of access privilege (e.g. Read, Write).

Orphaned archives are easily detectable, as the second and third column is empty.