Access rights are set on the basis of group/administrator pairs. By default, any group that has been associated with an administrator account has full access rights enabled. In this step you will change the permissions as necessary, so that some of the administrators will only be able to access certain tabs and options in the Groups Web Interface.
The access rights will be granted as follows:
Role | Username | Access Rights |
---|---|---|
Assistant Administrator | GeorgeC | Full access to all domains. |
Business Administrator | FrankB | Full access within the "business" domain. |
Science Administrator | SusanS | Full access within the "science" domain. |
Helpdesk | JerryS | Allow and block lists for all domains (no other Configuration options), online help access, quarantine (with no preview options) and no access to reports. |
Human Resources Administrator | TanyaH | "Offensive Words" watch list for all domains, online help access, quarantine access (for reason "offensive" only), and no access to reports. |
In this tutorial, the Assistant Administrator (GeorgeC) has responsibility for all of the domains. Since full access rights were granted by default when you associated this user with each of the three groups, there is no need to modify the permissions for GeorgeC. The same is true for FrankB (Business Administrator) and SusanS (Science Administrator), who already have full access to their respective domains.
For rest of the administrators, however, you will have to restrict access to certain features. This is accomplished by specifying the --group, --user, --permission and --value (usually ''on" or ''off") for specific permissions or groups of permissions.
To set permissions for the Helpdesk and Human Resources administrators:
Helpdesk - JerryS
pmx-group --set-perm --group sophos --user JerryS --permission configuration.document.policy-description --value read pmx-group --set-perm --group sophos --user JerryS --permission configuration.policysettings --value off pmx-group --set-perm --group sophos --user JerryS --permission quarantine.preview --value off pmx-group --set-perm --group sophos --user JerryS --permission reports --value off pmx-group --set-perm --group business --user JerryS --permission configuration.document.policy-description --value read pmx-group --set-perm --group business --user JerryS --permission configuration.policysettings --value off pmx-group --set-perm --group business --user JerryS --permission quarantine.preview --value off pmx-group --set-perm --group business --user JerryS --permission reports --value off pmx-group --set-perm --group science --user JerryS --permission configuration.document.policy-description --value read pmx-group --set-perm --group science --user JerryS --permission configuration.policysettings --value off pmx-group --set-perm --group science --user JerryS --permission quarantine.preview --value off pmx-group --set-perm --group science --user JerryS --permission reports --value off
Human Resources Administrator - TanyaH
pmx-group --set-perm --group sophos --user TanyaH --permission configuration.document.policy-description --value read pmx-group --set-perm --group sophos --user TanyaH --permission configuration.lists.allowed-relays-per-group --value off pmx-group --set-perm --group sophos --user TanyaH --permission configuration.lists.allowed-senders-per-group --value off pmx-group --set-perm --group sophos --user TanyaH --permission configuration.lists.blocked-relays-per-group --value off pmx-group --set-perm --group sophos --user TanyaH --permission configuration.lists.blocked-senders-per-group --value off pmx-group --set-perm --group sophos --user TanyaH --permission configuration.policysettings --value off pmx-group --set-perm --group sophos --user TanyaH --permission help --value off pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.actions --value off pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.actions.approve --value off pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.actions.delete --value off pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.actions.forward --value off pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.actions.report --value off pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.actions.save --value off pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.preview.attachments --value off pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.preview.attachments.download --value off pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.preview.content --value off pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.preview.info --value off pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.preview.source --value off pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.preview.status --value off pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.reason.blacklisted --value off pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.reason.spam --value off pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.reason.virus --value off pmx-group --set-perm --group sophos --user TanyaH --permission reports --value off pmx-group --set-perm --group business --user TanyaH --permission configuration.document.policy-description --value read pmx-group --set-perm --group business --user TanyaH --permission configuration.lists.allowed-relays-per-group --value off pmx-group --set-perm --group business --user TanyaH --permission configuration.lists.allowed-senders-per-group --value off pmx-group --set-perm --group business --user TanyaH --permission configuration.lists.blocked-relays-per-group --value off pmx-group --set-perm --group business --user TanyaH --permission configuration.lists.blocked-senders-per-group --value off pmx-group --set-perm --group business --user TanyaH --permission configuration.policysettings --value off pmx-group --set-perm --group business --user TanyaH --permission help --value off pmx-group --set-perm --group business --user TanyaH --permission quarantine.actions --value off pmx-group --set-perm --group business --user TanyaH --permission quarantine.actions.approve --value off pmx-group --set-perm --group business --user TanyaH --permission quarantine.actions.delete --value off pmx-group --set-perm --group business --user TanyaH --permission quarantine.actions.forward --value off pmx-group --set-perm --group business --user TanyaH --permission quarantine.actions.report --value off pmx-group --set-perm --group business --user TanyaH --permission quarantine.actions.save --value off pmx-group --set-perm --group business --user TanyaH --permission quarantine.preview.attachments --value off pmx-group --set-perm --group business --user TanyaH --permission quarantine.preview.attachments.download --value off pmx-group --set-perm --group business --user TanyaH --permission quarantine.preview.content --value off pmx-group --set-perm --group business --user TanyaH --permission quarantine.preview.info --value off pmx-group --set-perm --group business --user TanyaH --permission quarantine.preview.source --value off pmx-group --set-perm --group business --user TanyaH --permission quarantine.preview.status --value off pmx-group --set-perm --group business --user TanyaH --permission quarantine.reason.blacklisted --value off pmx-group --set-perm --group business --user TanyaH --permission quarantine.reason.spam --value off pmx-group --set-perm --group business --user TanyaH --permission quarantine.reason.virus --value off pmx-group --set-perm --group business --user TanyaH --permission reports --value off pmx-group --set-perm --group science --user TanyaH --permission configuration.document.policy-description --value read pmx-group --set-perm --group science --user TanyaH --permission configuration.lists.allowed-relays-per-group --value off pmx-group --set-perm --group science --user TanyaH --permission configuration.lists.allowed-senders-per-group --value off pmx-group --set-perm --group science --user TanyaH --permission configuration.lists.blocked-relays-per-group --value off pmx-group --set-perm --group science --user TanyaH --permission configuration.lists.blocked-senders-per-group --value off pmx-group --set-perm --group science --user TanyaH --permission configuration.policysettings --value off pmx-group --set-perm --group science --user TanyaH --permission help --value off pmx-group --set-perm --group science --user TanyaH --permission quarantine.actions --value off pmx-group --set-perm --group science --user TanyaH --permission quarantine.actions.approve --value off pmx-group --set-perm --group science --user TanyaH --permission quarantine.actions.delete --value off pmx-group --set-perm --group science --user TanyaH --permission quarantine.actions.forward --value off pmx-group --set-perm --group science --user TanyaH --permission quarantine.actions.report --value off pmx-group --set-perm --group science --user TanyaH --permission quarantine.actions.save --value off pmx-group --set-perm --group science --user TanyaH --permission quarantine.preview.attachments --value off pmx-group --set-perm --group science --user TanyaH --permission quarantine.preview.attachments.download --value off pmx-group --set-perm --group science --user TanyaH --permission quarantine.preview.content --value off pmx-group --set-perm --group science --user TanyaH --permission quarantine.preview.info --value off pmx-group --set-perm --group science --user TanyaH --permission quarantine.preview.source --value off pmx-group --set-perm --group science --user TanyaH --permission quarantine.preview.status --value off pmx-group --set-perm --group science --user TanyaH --permission quarantine.reason.blacklisted --value off pmx-group --set-perm --group science --user TanyaH --permission quarantine.reason.spam --value off pmx-group --set-perm --group science --user TanyaH --permission quarantine.reason.virus --value off pmx-group --set-perm --group science --user TanyaH --permission reports --value off
The permissions are disabled for the specified users.
The pmx-group command is also used to view permissions for a specific group/administrator pair. For example, you can view the complete list of permissions that the user "TanyaH" has for the "business" group by running the following command:
pmx-group --view-perm --group business --user TanyaH
For additional information, see "Setting Group Access Rights" and "Viewing Group Access Rights".
You have completed the tutorial. The groups you created can now be administered according to the roles and permissions you defined.