 |
Form tabs
FirstClass determines a user's privileges based on the groups to which that user belongs. To see a list of the groups to which a user belongs, open the user's User Information Form. FirstClass sets the privileges specified in the first group in this list, then overrides these settings with the settings specified in the next group, and so on. Turn on advanced privileges with caution.
Group name |
The name of the user group. |
Model Desktop button |
Opens the user group's Model Desktop. |
Resources button |
Opens the rules and resources folder for this group. |
Organizational unit |
Choose the organizational unit level. If you are using FCDS, remember to make sure this level will fit the group into the proper location in your organization's hierarchy. |
Require unique names within this organizational unit |
If you will allow duplicate Directory entries between members of different organizational units, select "Require unique names within this organizational unit". 
NoteIf you are using FCDS, there is no requirement for unique names within an organizational unit. |
Comments |
Optional comments about this user group. |
Features tab
Use this tab to define privileges for this group.
Desktop
Calendar |
Allows users to share FirstClass calendars. Users without this privilege can use their calendars for personal organization, but cannot invite others to events. |
Contacts |
Allows users to use personal email addresses and mail lists. Users without this privilege can add entries to their Contacts folder, but cannot address mail to these entries. |
Publish web site |
Allows a user to publish a personal web home page. This home page can be accessed using HTTP and FTP. If users do not have web sites, their résumés will be displayed to anyone trying to access their web sites. You should make sure that users understand that their résumés may be published to the Internet. |
Share documents |
Allows a user to publish content stored in their personal My Shared Documents folder. Also allows other authenticated users to view the user's web page.
|
Messaging
Private mail |
Allows users to send private mail. Users without this privilege can still receive mail. |
Internet mail |
Required for server to match Internet addresses. Default is selected. |
Unsend |
Allows users to retract messages that they have sent. Even with this privilege, users cannot unsend messages that have been sent through a gateway (like Internet mail) or moved. |
Forward |
Allows users to forward mail in their Mailboxes and in conferences. When a user forwards a message, FirstClass creates another copy of the message, requiring additional storage space. If disk space is limited, you might want to restrict this privilege. |
Set expiry |
Allows users to change the expiry date for an outgoing message. The expiry set by a user overrides any other expiry settings, such as those defined for a conference or a folder. Users without this privilege can still change the expiry of messages in their own Mailboxes and personal containers. |
Make urgent |
Allows users to mark messages Urgent. Because your system and some gateways can be configured to process urgent mail on a priority basis, you might want to restrict this privilege. |
Receipt notification |
Allows users to turn on receipt generation. Because receipt notifications can increase message traffic on your server, you may want to restrict this privilege. |
Mark as unread |
Allows users to toggle messages' unread flags on and off. If a user removes a message's flag before opening it, no receipt will be generated when the user reads the message, and the user's name will not appear in the message history. |
Program mail rules |
Allows users to set up personal mail rules. |
Mailbox permissions |
Allows users to edit their Mailbox permissions. |
 Make voice call |
Allows users to make phone calls from their FirstClass client or web client by right-clicking the recipient's name and choosing "Call User". The recipient must have a valid DN dialable by Voice Services. The caller must have physical access to the phone listed first in the "Voice DN" field on his User Information form when using this feature. You must be a FirstClass Unified Communications customer to enable this feature. |
Collaboration
Conference mail |
Allows users to send mail to conferences for which they have the appropriate permissions. Users without this privilege can still read messages in any conferences for which they have the appropriate permissions. |
View presence |
Allows users to view the online status of other users and to view Who's online. |
View résumés |
Allows users to view other users' résumés. |
Create résumé |
Allows users to create personal résumés. If users do not have personal web sites, their résumés will be displayed to anyone trying to access their web sites. You should make sure that users understand that their résumés may be published to the Internet. |
Instant messaging |
Allows users to engage in real-time online text-based conversations. The names of users without this privilege are displayed in italics in the Directory and Who's Online lists. Users without this privilege can still receive and accept chat invitations from the administrator. |
Join chat rooms |
Allows users to engage in real-time online text-based conversations in public chat rooms. Users without this privilege may still open chat room transcripts posted in conferences in which they have permission to open objects. |
Create chat rooms |
Allows users to create public chat rooms. |
Share contact databases |
Allows users to share their contacts databases with other users. |
Share conferences |
Allows users to create new conferences on their Desktops, or in any container in which they have permission to do so. This privilege works with the Create conferences permission; users can only create subconferences in conferences for which they have this permission. |
Share calendars |
Allows users to create group, location, and resource calendars for collaborating with others. |
Share workspaces |
Allows users to create workgroups to share personal workspaces created on their Desktops. Workspaces may contain objects such as shared calendars and chat rooms which require the appropriate privileges to use or share. |
Publish Directory names |
Controls whether named objects are published in the Directory. Works in conjunction with Share conferences or Share calendars privileges. If a user is a member of a group with this privilege not enabled, conferences and calendars created by the user will not be listed in the Directory, including the admin Directory. These conferences cannot receive mail unless the mail is created with the New > Message command from within the conference. |
Content
Upload |
Allows users to attach files to messages and upload files. For sending attached files to conferences, this privilege works with the Send permission; users can only send attached files to conferences for which they have this permission. For uploading files directly to conferences, this privilege works with the Create items permission; users can only upload files directly to conferences for which they have this permission. If you are a FirstClass Unified Communications customer, you must give your voice users the upload privilege. |
Download |
Allows users to save attachments and download files from external folders and conferences. This privilege works with the Download permission; users can only download from conferences for which they have this permission. If you are a FirstClass Unified Communications customer, you must give your voice users the download privilege so they can listen to voice messages and receive fax messages. |
Copy to clipboard |
Allows users to copy and paste FirstClass content. |
Save to local disk |
Allows users to save FirstClass content to a local machine. |
Printing |
Allows users to print FirstClass content. |
Admin status
Subadministrator |
|
Monitor server |
Users with this privilege can toggle debugging and logging options and other commands that dump information, as well as open all server monitors and get server statistics. |
Maintain server |
Users with this privilege can do anything accessible to those with Monitor server privilege, plus: • start or stop an audit • request fast and polite shutdowns • send broadcasts • force logoff non-admin/maint/mon users • start gateways • reset services and modems • disable and enable logins • change server priority • pause, continue, resync mirrors • request a snapshot hold or release |
Access
FirstClass client |
Allows users to access the server using FirstClass client software. |
Web client |
Allows users to access the server using a web browser. If this is selected for administrators, this person can log in as administrator using a web browser. You may want to restrict this privilege in the case of administrators for security reasons. |
Voice client |
Allows users to access the server using Voice Services using a telephone. Users can also receive voice and fax messages in their mailboxes. You must be a FirstClass Unified Communications customer to enable this feature. |
Command line |
Allows users to access the server using a terminal, Telnet, or a terminal emulator. Note If all of the above access privileges are disabled, users cannot log in. |
Internet client |
Allows users to access the server using POP3 and IMAP4. |
File client |
Allows users to access the server using FTP/CIFS clients. |
Directory client |
Allows users to access the server using LDAP/finger clients. |
Work offline |
Allows users to use FirstClass Personal to access the server. Remote users cannot use this privilege. |
Special status
Once a user is given special status, that status stays in effect despite the status settings for any other group to which the user belongs. These statuses can be overridden only on a user's User Information form. Special status privileges are:
Does not expire |
Prevents users' accounts from being deleted automatically if their accounts are inactive. This privilege overrides the System Profile setting that specifies the number of days of inactivity after which user accounts are normally deleted. |
View unlisted |
Allows users to view unlisted entries (such as conferences or user names) in the Directory and the names of unlisted users in the Who's Online list. Does not allow users to see unpublished conferences. |
View user information |
Allows users to view other users' User Information forms. On all User Information forms, the password field is populated with ••••••••, but the user ID is visible. Users with this privilege see the User Information form in place of the résumé. From the User Information form, users can display the other user's résumé, but they cannot open that user's Desktop or preferences. If you consider user information to be sensitive, restrict access to this privilege. |
Edit user information |
Allows users with the View user information privilege to change any information on User Information forms, including passwords. You can use this privilege to delegate administrative tasks without granting full administrator powers. Users with this privilege cannot open the Desktop or preferences of another user, designate subadministrators, or edit the User Information forms of the administrator or subadministrators. |
Create voice menu |
Allows users to create personal voice menus. You must be a FirstClass Unified Communications customer to enable this feature. |
Allow mail relay |
Allows users to use relaying. |
Application Developer |
|
Preferences tab
Edit Preferences form |
Allows users to edit their own preferences using the Preferences form. You might want to disable this privilege for guest accounts, to make sure the accounts are always left in the same state. If you select this privilege, all settings on this tab can be overridden by the individual user on their User Preferences form. |
Change password |
Allows users to change their password. |
Separately controlled user preferences: |
Manage presence |
|
Auto forward |
Allows users to use the Auto forward, redirect and Pager features on the Preferences form. |
Auto reply |
Allows users to use the Auto reply feature on the Preferences form. |
Mail import |
Allows users to set up POP3 mail import. |
Preconfigurable user preferences: |
Desktop layout
|
Choose the preferred default Desktop layout (view properties, size, background image) for new users created for this group. |
|
Default
|
Objects on this group's model Desktop will appear on the user's model Desktop, but view properties, Desktop image and size from this model will not be applied. |
|
Copy from Model
|
This setting is used for legacy systems only. When used will copy the view properties from the model to the user's desktop. The copy happens at user creation, so no updates are ever delivered to an existing user's Desktop. |
|
Desktop View |
Must be selected to have uploaded resources automatically download to clients on login. If changes are made to the view properties, all users Desktops will be updated. The user receives the view properties from the last group he is a member of, where Desktop View is set for the Desktop layout field. |
Reply preference |
Choose the default reply preference for this user group. |
Cursor placement in reply |
Choose the default cursor placement to be used when replying to a message with quote. |
Reply tagging |
Choose how the quote attribution is displayed when replying to a message with quote. |
Forward tagging |
Choose how the forwarded message is indicated. |
Time zone
|
This is the default time zone for this group. This is useful if members of this group work in a different time zone than where the server is located. |
Client interface |
Choose the default user interface for this group. Legacy systems 8.2 and older will respect any setting in this fields. Version 8.3 has only a default user interface. |
Voicemail interface
|
If you are a FirstClass Unified Communications customer and this group has the Voice access feature enabled on the Features tab, then choose the preferred voicemail interface for this group. |
Preferred language |
Choose the preferred voicemail interface language for this group. |
Contact form |
Choose the preferred default contact form layout for this group. |
Show presence to |
Choose the level to which you want to filter this group's presence listing in the following locations: • Who's Online listing • Address fields of inbound and outbound messages • Directory listing • Contact database/contacts lists • Who and subscriber fields in conference and calendar permissions forms |
|
Default
|
This group is not affected by this feature. The system-wide default is for all users to see all users in the Who's Online listing. |
|
User Preference
|
Users of this group can set their presence preferences on their personal Preferences form. |
|
Everyone
|
All users can see if users from this group are online. |
|
My Organization
|
All users with a common organizational unit (OU) group can see if users from this group are online. |
|
My Group |
All users in the same primary OU can see if users from this group are online. |
|
No one
|
No user, except the administrator, can see if users from this group are online. |
IM Transcript |
Off |
Disallows transcripts. |
|
Force On |
Force all chats to be automatically recorded. |
|
Default |
Allows users to decide whether to create transcripts. When set to Default, the Chat Transcript option is selected by default. |
Limits tab
Use this tab to set time and disk space limits.
For each limit, the highest value defined for all groups to which a user belongs is normally the limit for that user. Override groups may affect this value.
Private mail expiry |
This is the number of days a message will stay in a user's Mailbox before it is automatically deleted. If you have given users the appropriate permissions, users can override this limit for individual messages. Deleted messages appear in the user's Trash Can for the number of days specified at Deleted mail removal. |
Daily connection limit |
The maximum number of minutes users can connect to the server during one day (from 12:01 AM to midnight). This overrides the default set on the System Profile. If a user is logged on multiple times with the same user ID, this user is considered to have been logged on for the total elapsed time for all the user's current connections. For
example, a user with a limit of 120 minutes who has two concurrent sessions, both at 60 minutes, has used up the allotted time. Note This field does not apply to the administrator
or subadministrators. |
Session inactivity limit |
The maximum number of minutes users can be inactive during a session before being logged off. This overrides the default set on the System Profile. |
Disk space limit |
The maximum amount of disk space, in kilobytes, allowed per user. Once this limit is reached, the user can no longer create items such as messages and documents, but can still receive mail. Note The administrator and subadministrators may use up to twice their allotted disk space. |
Maximum message recipients |
The maximum number of addresses a message can be sent to. This includes all To, Cc, and Bcc recipients. |
Maximum invitations |
The total number of people a user in this group can invite to a private instant messaging session or a public chat room. |
Minimum client version |
The lowest client version that can be used to log into the server. It is recommended that this be a client from the same release as the server to ensure users have access to all current client features. Note This field does not apply to the administrator or subadministrators. |
Deleted mail removal |
The number of days deleted or expired items will remain in users' Trash Cans before removal by audit. The value of "Default" is 1 day, meaning contents will be permanently removed by the next automatic full audit. |
Inactivity limit before deletion |
The maximum time a user's account can be inactive (not connected to a server) before being automatically deleted. |
Directory tab
Use this tab to define the names that this group's Directory can list. By default the Directory is filtered in the following way:
• members of Regular Users and Remote Users groups can see all members of All Users, All Conferences, and All Calendars groups.
Allow this group to view these groups |
Enter user group or conference group names to include only members of these groups in the Directory listing for the current group. All other user and conference groups on your system will be hidden from members of the current user group. Use this to include only certain user groups and/or conference groups in the group’s view of the Directory. Any user group, conference group, or calendar group listed here
will be seen in the Directory by any user who is a member of this group. All other user groups, conference groups, and calendar groups will not be listed in the Directory for all members of this user group. |
Maximum number of multimatch names |
The maximum number of names that will be listed in the Directory when a search results in multiple matches. To require exact matches, thus forcing users to know the name of the person or conference they are searching for, set this value to 1. You might want to set the limit to 1 or none for autoregistered users. The highest value defined for all groups to which a user belongs is normally the limit for that user. Override groups may affect this value. Default is unrestricted. Use this to add security to your system. If this is set to 0, then users (and unauthorized guests or autoregistered users) cannot guess partial names and access the Directory. Users will have to know the exact name of the person to whom they want to address mail. |
Visible directory fields |
Choose the fields you want displayed in the Directory listing for users in this group. To choose additional fields, click +. To remove a field, select it and click -. The order the fields appear in this list will be the order they appear in the
Directory. Note Choosing Organization will only display users' primary OU. Choosing Organizations will display all the OUs to which users belong. |
Security tab
Link encryption |
Choose the link encryption users must have specified in their Service Setup form (at login). |
Password security |
Password restrictions |
Forces users to choose passwords which are alphanumeric, or have no restrictions. Alphanumeric passwords are more difficult to guess. |
Recently used passwords |
The administrator can choose to allow recently used passwords, or to force users to choose a new password when the old one expires. If you choose to block recently used passwords, users may not reuse any of his last five (5) passwords. |
Password expiry period |
The length of time a password will be valid. Regularly changing passwords will increase security. This field is only used for GUI access (client or web). |
Minimum text password length |
Forces users to choose passwords of a minimum length. Longer passwords are more difficult to guess. This field is only used for GUI access (client or web). |
Minimum voice password length |
Forces users to choose voice passwords of a minimum length. Longer passwords are more difficult to guess. This field is only used for TUI access (phone). |
Local saving policy |
Choose whether or not to allow users to save passwords in FirstClass client settings files. It is strongly recommended to disallow this feature for the administrator and subadministrators. Note This feature is only available with FirstClass clients version 8.0 or higher. |
Attachment limitations |
This field is primarily used to stop viruses from being sent through your FirstClass system. If there is a known virus, enter the exact attachment name in this space. FirstClass will not allow uploading or downloading of this specific attachment name. This field can also be used to disallow uploading/downloading files of a specific type. Enter the file extension preceeded by a wild card. FirstClass will not allow uploading or downloading of this file type. You can set attachment limitations for the All Users group, or any groups you create. Do not set attachment limitations on any other Standard user group. |
Services tab
Use this tab to configure OU settings for Internet Services and Voice Services (if applicable).
Internet Services
Internet mail domain |
Your registered domain name. If you have only one domain name for all users, set this as the default value on the All Users Group Privileges form and do not enter anything on individual user or conference group forms. In a multi-tenant environment with several domain names, you must enter the domain name on the primary OU's Group Privileges form. This will affect the choices users have when choosing their outbound
alias for Internet mail. All domain names must also be entered on the Multiple Sites and Languages form. |
Default web domain |
If this OU has its own web domain enter it here. If nothing is entered in this field, the HTTP Server domain name from the Basic Internet Setup form will be used. |
Social Media web domain |
The registered domain name for the social media interface. |
Voice Services
This section is only applicable to FirstClass Unified Communications customers.
DN prefix |
The DN prefix is the common exchange for your company's block of numbers. If you have only one DN prefix, set this as the default value on the All Users Group Privileges form and do not enter anything on individual user or conference group forms. In a multi-tenant environment with several DN prefixes, enter the DN prefix for the specific organizational unit on the organizational unit's (user group's) Group
Privileges form. |
Operator revert DN |
If a caller presses "0", this is the number to which the call will be redirected. If you have only one preferred Operator revert DN, enter this number on the Voice Services Administration form and do not enter anything on individual user or conference group forms. In a multi-tenant environment, or a large organization, the revert DN may depend on the organizational unit or group the original call recipient is a member of. Enter the Operator revert DN on the organizational unit's (user group's) Group Privileges form. |
Dialing restrictions |
Dialing restrictions are set system-wide on the Voice Services Admin form. When you set dialing restrictions for a group or organizational unit, the settings override what is set on the Voice Services Administration form. A user's dialing restrictions are based on the user's primary organizational unit's settings. Enter dialing restrictions for
this group or organizational unit. This includes all long distance codes, and all pre-dialing codes (for example, 1 for North American long distance dialing, PBXs requiring an outside line access code (usually 9), etc). Restrictions begin with ! and accessible dialing strings have no prefix. Restricted and accessible dialing strings can be combined by separating them with commas. In all cases, the most exact match will be used. For example: • !9 disallows all calls to numbers beginning with 9. If 9 is the outside line code for your PBX, this will disallow all calls outside
of your PBX. • !9,9055551234 disallows all calls to numbers beginning with 9, but allows calls to the specific number 9055551234. • !9,905,!9055554567 disallows all calls to numbers beginning with 9, but allows all calls to area code 905 except calls to the specific number 9055554567. If this field is blank, the system will default to the
system-wide settings from the Voice Services Admin form. If this field contains !0,!1,!2,!3,!4,!5,!6,!7,!8,!9 then no outdialing is permitted for all members of this group. If this field contains 0,1,2,3,4,5,6,7,8,9 then all dialing is unrestricted for this group. |
Automatically filter Directory to this group |
If you are in a multi-tenant environment, select this option for the highest level organizational unit that encompasses all users from one company. For example: You have two companies on one system: Company A and Company B. Each is an organizational unit at the level of Company. Within each company there are several organizational units (departments, groups, teams). You want all employees of Company A to be able to see and dial all other Company A employees. You do not want Company A employees to be able to use the phone to Name dial Company B. Select Automatically filter Directory to this group for Company A organizational unit. If you set it at a more restricted level (department, for
instance) employees would be unable to see employees outside of their department. If this option is not selected at all, the dialing Directory will not be filtered and members of Company A will be able to see all members of Company B in the Directory and will have access to Name dial and other Directory dialing through Voice Services.  CautionIf a user is a member of multiple organizational units (company, department, team), only select this option for one of his organizational units (this would usually be the highest level). |
Archive Services |
|
Archive private mail |
Indicates whether to activate Archive Services. |
Retention period |
Indicates the length of time to store archived content (for example, "260 weeks", no quotes, which is the equivalent of five years). This value should match the Message expiry field on the permission form of the Archive container on the Archive Services server. |
Archive group calendar events |
Sets archiving for all group calendar events to which users in this group are creators or participants. |
Admin tab
Use this tab to allow members of this group to administer users in other groups. All users in this group will be able to view and edit the other group members' User Information forms.
Note
Do not enable the "Edit user information" feature for this group since you only want these members to administer specific groups.
Enter the group(s) that members of this group can administer.
| |
