 |
Let's review user permissions:
Let's start with standard user permissions (these can be found on the Features and Preferences/Access/Limits tabs of the User Details form, accessible via the List Directory). User permissions are inherited from user groups as well as explicitly set on the user form. The permissions structure can be visualized as an inverted pyramid, with the All Users group occupying the broad and flat top, and the individual user occupying the point at the bottom. All permissions are passed down through the group structure to the individual user, where they can be overridden.
User permissions are assigned using checkboxes in the "set" column, and the final state is referenced in the "current" column. The "set" column has three states to choose from:
On |
|
When defined in a user group or for the user, the permission is enforced to the enabled state, regardless of other user permission groups. |
Off |
|
When defined in a user group, the permission is enforced to the disabled state, but will be enabled if set by another group assigned to the same user. When defined for the user, the permission is enforced to the disabled state, regardless of other user permission groups. |
Inherited |
|
The permission follows the permission inherited by the user permission group structure. |
User permissions are defined as follows (the image below is taken from the User Details form):
Desktop: These permissions are associated with the user's desktop:
Calendar |
Enabling this permission allows the user to share FirstClass calendars with other users. If this permission is disabled, the user maintains access to their personal calendar, but cannot share that calendar by adding participants. |
Contacts |
Enabling this permission allows the user to use Contacts (Address Book). If this permission is disabled, the user can add entries to their personal Contacts folder, but cannot address messages to those entries. This may seem counterintuitive, as this allows the user access to the Contacts folder without it "working," but the user will still be able to use the Contacts folder to record data for uses external to FirstClass. |
Publish Web Site |
Enabling this permission allows the user to publish a personal Web home page using the out-of-the-box FirstClass Web templates attached to the default HTTP login site. If this permission is disabled, the user's résumé will be displayed to anyone trying to access the user's Web site. It is important to remember that résumés may be published to the Internet if the system is not specifically set up to restrict that access. |
Share Documents |
Enabling this permission allows the user to share content stored in the user's My Shared Documents folder with other FirstClass users. |
Messaging: These permissions are associated with the user's FirstClass mailbox:
Private Mail |
Enabling this permission allows the user to generate and send email from their Mailbox. If this permission is disabled, the user will still be able to receive email. |
Unsend |
Enabling this permission allows the user to retract a sent email from other FirstClass users, removing it from their Mailboxes. Email that has been moved out of a recipient's Mailbox and email that has been sent through a Gateway (to another FirstClass system or to another email system entirely) cannot be retracted. |
Forward |
Enabling this permission allows the user to forward received email. Forwarding email creates an entirely new copy of that email, so this adds to the total storage usage for that user. This is important to note for systems with limited storage space or tight quotas. |
Set Expiry |
Enabling this permission allows the user to set an expiry date for an outgoing email that will override expiry settings elsewhere in the system. If this permission is disabled, the user may still set expiry dates within their own Mailboxes. |
Make Urgent |
Enabling this permission allows the user to mark outgoing email with the Urgent label. Please note that the FirstClass Server and several types of Gateways can be configured to process email marked as Urgent on a priority basis. |
Receipt Notification |
Enabling this permission allows the user to enable email receipt notification, causing FirstClass to generate email when a marked message is opened by a recipient. Please note that enabling this feature will increase message traffic. |
Mark as Unread |
Enabling this permission allows the user to toggle the Read State flags for received messages without actually opening the message. This allows the user to mark the message as Read without triggering receipt notification or an entry in the message History. |
Program Mail Rules |
Enabling this permission allows the user to set mail rules for their Mailbox. |
Mailbox Permissions |
Enabling this permission allows the user to edit Mailbox permissions. Please note that enabling this will allow the user potentially damaging control over their Mailbox, including the ability to lock themselves out. |
Make Voice Call |
Enabling this permission allows the user to make phone calls with the FirstClass client if FirstClass Unified Communications is installed. The call recipient must have a valid DN dialable by Voice Services, and the caller must have physical access to the phone listed first in the "Voice DN" field on the User Detail form when using this feature. |
Collaboration: These permissions are associated with FirstClass conferencing and group calendars:
Conference Mail |
Enabling this permission allows the user to send email to conferences if that permission is enabled at the object level. If this permission is disabled, the user will still be able to open and read conference email if those permissions are enabled at the object level. |
View Presence |
Enabling this permission allows the user to access the Who's Online feature to determine the login state of users that belong to the appropriately restricted directories. |
View Résumés |
Enabling this permission allows the user to view résumés of other users on the system. |
Create Résumé |
Enabling this permission allows the user to share their résumé with other users on the system. If the Publish Web Site permission is disabled, the résumé will be substituted for a Web presence unless specifically restricted. |
Instant Messaging |
Enabling this permission allows the user to initiate the FirstClass Instant Messaging feature. If this permission is disabled, the user may still receive and accept chat invitations from the FirstClass Administrator. |
Join Chat Rooms |
Enabling this permission allows the user to participate in pre-existing chat rooms made available via alias or location in an accessible conference. |
Create Chat Rooms |
Enabling this permission allows the user to create public chat rooms. Chat rooms can be created only in conferences where the user has the Create Subconferences object permission. |
Share Contact Databases |
Enabling this permission allows the user to create shared contact databases and grant access to available users. |
Share Conferences |
Enabling this permission allows the user to subscribe other users to owned conferences. Subscribing users will place an alias to that conference on the subscribed user's Desktop. Please note that subscribing a user to a conference does not necessarily grant that user access; access is determined by object permissions. |
Share Calendars |
Enabling this permission allows the user to create new collaboration ("group") calendars and grant access to available users. |
Publish Directory Names |
Enabling this permission allows the user to include the name of a conference or calendar in the Directory, if the user has permission to Share Conferences and/or Calendars. If this permission is disabled, conferences and calendars the user creates will be unlisted for all but the Administrator and Subadministrators. |
Share Workspaces |
Enabling this permission allows the user to create new workgroups in the user's Workspaces area and grant access to available users. |
Admin Status: This status and permissions combination is associated with the Subadministrator status:
Subadministrator |
This is a status, not a permission. Enabling this status labels the user as a Subadministrator. Please note that assigning Subadministrator status will, by default, enable every status and permission in the Admin Status, Content, and Special Status sections except for Secure and Unlisted. |
Monitor Server |
Enabling this permission allows the user to access debugging, logging, and other commands that record and export server information. This permission also allows the user to access all server monitors and view all server statistics. |
Maintain Server |
Enabling this permission grants the user all access indicated by the Monitor Server permission as well as the ability to: • start or stop an audit • request fast and polite shutdowns • send broadcasts • force logoff non-admin/maint/mon users • start gateways • reset services and modems • disable and enable login • change server priority • pause, continue, resync mirrors • request a snapshot hold or release |
Content: These permissions are associated with FirstClass content management:
Upload |
Enabling this permission allows the user to attach files to messages and documents as well as upload documents to the user's Desktop. The user can upload documents to conferences only if the object permission Create Items is enabled for that conference. For systems with Unified Communications, this privilege is required to create voice messages. |
Download |
Enabling this permission allows the user to save files attached to messages and documents as well as download items from the user's Desktop. The user can download documents from conferences only if the object permission Download Attachments is enabled for that conference. For systems with Unified Communications, this privilege is required to listen to voice messages. |
Copy to Clipboard |
Enabling this permission allows the user to copy and paste FirstClass content. |
Save to Local Disk |
Enabling this permission allows the user to save FirstClass content to a local disk. |
Printing |
Enabling this permission allows the user to print FirstClass views. |
Special Status: This status and permissions combination is associated with system-level user definitions:
Does Not Expire |
This is a status, not a permission. Enabling this status prevents the user account from automatic deletion if the account is inactive for the system-defined number of days. This status overrides the default system value. |
Secure |
This is a status, not a permission. Enabling this status prevents the FirstClass Administrator and Subadministrators from viewing the user's desktop. |
Unlisted |
This is a status, not a permission. Enabling this status restricts directory access to users with the View Unlisted permission. Please note that enabling this status also prevents all users without the View Unlisted permission from sending Unlisted users any local mail or viewing them in the Who's Online list. |
View Unlisted |
Enabling this permission allows the user to view all users and containers marked as Unlisted in the Directory and the Who's Online list. |
View User Information |
Enabling this permission allows the user to view all User Detail forms. Please note that although user passwords are always bulleted out ("•••••••"), enabling this permission will give the user access to all other system-level information regarding other users, including user ID, group association, directory restriction, and user status and permissions. |
Edit User Information |
Enabling this permission allows the user (in conjunction with the View User Information permission) to change all information located on user detail forms. Please note that enabling this permission will allow the user to change User IDs and passwords, as well as group association, directory restriction, and user status and permissions. |
Create Voice Menus |
Enabling this permission allows the user to create personal voice menus for systems with Unified Communications. |
Allow Mail Relay |
Enabling this permission allows the user to use email relaying. |
Application Developer |
Enabling this permission allows the user to create FirstClass Applications. |
Let's review conference permissions:
| |
