Small company logo:
   History
 
Advertising banner:
 
 124
Home • Help • Form • 124
 
Form tabs
Use this form to specify a group's access to FirstClass features. For information about user groups and organizational units, see User groups and organizational units.
FirstClass determines a user's privileges based on the groups to which that user belongs. To see a list of the groups to which a user belongs, open the user's User Information Form. FirstClass sets the privileges specified in the first group in this list, then overrides these settings with the settings specified in the next group, and so on. Turn on advanced privileges with caution.

Group name
The name of the user group.
Model Desktop button
Opens the user group's Model Desktop.
Resources button
Opens the rules and resources folder for this group.
Rules and resources in this folder are used with Desktop templates.
Resources uploaded to this folder are sent to the client at login if "Desktop View" is selected at Desktop Layout on the Preferences tab.
Organizational unit
This field is required for multitenant environments, FirstClass Voice Services and FirstClass Directory Services (FCDS).
Choose the organizational unit level. If you are using FCDS, remember to make sure this level will fit the group into the proper location in your organization's hierarchy.
Require unique names within this organizational unit
If you will allow duplicate Directory entries between members of different organizational units, select "Require unique names within this organizational unit".
81203_42521_14.png        Note
The "Require unique user names" field on the System Profile must also be cleared to allow duplicate Directory entries.
If you are using FCDS, there is no requirement for unique names within an organizational unit.
Comments
Optional comments about this user group.



Features tab
Use this tab to define privileges for this group.
Desktop

Calendar
Allows users to share FirstClass calendars. Users without this privilege can use their calendars for personal organization, but cannot invite others to events.
Contacts
Allows users to use personal email addresses and mail lists. Users without this privilege can add entries to their Contacts folder, but cannot address mail to these entries.
Publish web site
Allows a user to publish a personal web home page. This home page can be accessed using HTTP and FTP. If users do not have web sites, their résumés will be displayed to anyone trying to access their web sites. You should make sure that users understand that their résumés may be published to the Internet.
Share documents
Allows a user to publish content stored in their personal My Shared Documents folder. Also allows other authenticated users to view the user's web page.

Messaging

Private mail
Allows users to send private mail. Users without this privilege can still receive mail.
Internet mail
Required for server to match Internet addresses. Default is selected.
Unsend
Allows users to retract messages that they have sent. Even with this privilege, users cannot unsend messages that have been sent through a gateway (like Internet mail) or moved.
Forward
Allows users to forward mail in their Mailboxes and in conferences. When a user forwards a message, FirstClass creates another copy of the message, requiring additional storage space. If disk space is limited, you might want to restrict this privilege.
Set expiry
Allows users to change the expiry date for an outgoing message. The expiry set by a user overrides any other expiry settings, such as those defined for a conference or a folder. Users without this privilege can still change the expiry of messages in their own Mailboxes and personal containers.
Make urgent
Allows users to mark messages Urgent. Because your system and some gateways can be configured to process urgent mail on a priority basis, you might want to restrict this privilege.
Receipt notification
Allows users to turn on receipt generation. Because receipt notifications can increase message traffic on your server, you may want to restrict this privilege.
Mark as unread
Allows users to toggle messages' unread flags on and off. If a user removes a message's flag before opening it, no receipt will be generated when the user reads the message, and the user's name will not appear in the message history.
Program mail rules
Allows users to set up personal mail rules.
Mailbox permissions
Allows users to edit their Mailbox permissions.
81203_40134_0.png Make voice call
Allows users to make phone calls from their FirstClass client or web client by right-clicking the recipient's name and choosing "Call User". The recipient must have a valid DN dialable by Voice Services. The caller must have physical access to the phone listed first in the "Voice DN" field on his User Information form when using this feature. You must be a FirstClass Unified Communications customer to enable this feature.
Collaboration

Conference mail
Allows users to send mail to conferences for which they have the appropriate permissions. Users without this privilege can still read messages in any conferences for which they have the appropriate permissions.
View presence
Allows users to view the online status of other users and to view Who's online.
View résumés
Allows users to view other users' résumés.
Create résumé
Allows users to create personal résumés. If users do not have personal web sites, their résumés will be displayed to anyone trying to access their web sites. You should make sure that users understand that their résumés may be published to the Internet.
Instant messaging
Allows users to engage in real-time online text-based conversations. The names of users without this privilege are displayed in italics in the Directory and Who's Online lists. Users without this privilege can still receive and accept chat invitations from the administrator.
Join chat rooms
Allows users to engage in real-time online text-based conversations in public chat rooms.
Users without this privilege may still open chat room transcripts posted in conferences in which they have permission to open objects.
Create chat rooms
Allows users to create public chat rooms.
Share contact databases
Allows users to share their contacts databases with other users.
Share conferences
Allows users to create new conferences on their Desktops, or in any container in which they have permission to do so. This privilege works with the Create conferences permission; users can only create subconferences in conferences for which they have this permission.
Share calendars
Allows users to create group, location, and resource calendars for collaborating with others.
Share workspaces
Allows users to create workgroups to share personal workspaces created on their Desktops. Workspaces may contain objects such as shared calendars and chat rooms which require the appropriate privileges to use or share.
Publish Directory names
Controls whether named objects are published in the Directory. Works in conjunction with Share conferences or Share calendars privileges. If a user is a member of a group with this privilege not enabled, conferences and calendars created by the user will not be listed in the Directory, including the admin Directory. These conferences cannot receive mail unless the mail is created with the New > Message command from within the conference.
Content

Upload
Allows users to attach files to messages and upload files. For sending attached files to conferences, this privilege works with the Send permission; users can only send attached files to conferences for which they have this permission. For uploading files directly to conferences, this privilege works with the Create items permission; users can only upload files directly to conferences for which they have this permission.
81203_40134_0.png If you are a FirstClass Unified Communications customer, you must give your voice users the upload privilege.
Download
Allows users to save attachments and download files from external folders and conferences. This privilege works with the Download permission; users can only download from conferences for which they have this permission.
81203_40134_0.png If you are a FirstClass Unified Communications customer, you must give your voice users the download privilege so they can listen to voice messages and receive fax messages.
Copy to clipboard
Allows users to copy and paste FirstClass content.
Save to local disk
Allows users to save FirstClass content to a local machine.
Printing
Allows users to print FirstClass content.
Admin status

Subadministrator
Allows you to designate members of this group as subadministrators.
Monitor server
Users with this privilege can toggle debugging and logging options and other commands that dump information, as well as open all server monitors and get server statistics.
Maintain server
Users with this privilege can do anything accessible to those with Monitor server privilege, plus:
•       start or stop an audit
•       request fast and polite shutdowns
•       send broadcasts
•       force logoff non-admin/maint/mon users
•       start gateways
•       reset services and modems
•       disable and enable logins
•       change server priority
•       pause, continue, resync mirrors
•       request a snapshot hold or release
Access

FirstClass client
Allows users to access the server using FirstClass client software.
Web client
Allows users to access the server using a web browser. If this is selected for administrators, this person can log in as administrator using a web browser. You may want to restrict this privilege in the case of administrators for security reasons.
81203_40134_0.png Voice client
Allows users to access the server using Voice Services using a telephone. Users can also receive voice and fax messages in their mailboxes. You must be a FirstClass Unified Communications customer to enable this feature.
Command line
Allows users to access the server using a terminal, Telnet, or a terminal emulator.
81203_42521_14.png        Note
If all of the above access privileges are disabled, users cannot log in.
Internet client
Allows users to access the server using POP3 and IMAP4.
File client
Allows users to access the server using FTP/CIFS clients.
Directory client
Allows users to access the server using LDAP/finger clients.
Work offline
Allows users to use FirstClass Personal to access the server. Remote users cannot use this privilege.
Special status
Once a user is given special status, that status stays in effect despite the status settings for any other group to which the user belongs. These statuses can be overridden only on a user's User Information form. Special status privileges are:

Does not expire
Prevents users' accounts from being deleted automatically if their accounts are inactive. This privilege overrides the System Profile setting that specifies the number of days of inactivity after which user accounts are normally deleted.
View unlisted
Allows users to view unlisted entries (such as conferences or user names) in the Directory and the names of unlisted users in the Who's Online list.
Does not allow users to see unpublished conferences.
View user information
Allows users to view other users' User Information forms.
On all User Information forms, the password field is populated with ••••••••, but the user ID is visible. Users with this privilege see the User Information form in place of the résumé. From the User Information form, users can display the other user's résumé, but they cannot open that user's Desktop or preferences. If you consider user information to be sensitive, restrict access to this privilege.
Edit user information
Allows users with the View user information privilege to change any information on User Information forms, including passwords. You can use this privilege to delegate administrative tasks without granting full administrator powers. Users with this privilege cannot open the Desktop or preferences of another user, designate subadministrators, or edit the User Information forms of the administrator or subadministrators.
81203_40134_0.png Create voice menu
Allows users to create personal voice menus. You must be a FirstClass Unified Communications customer to enable this feature.
Allow mail relay
Allows users to use relaying.
Application Developer
Allows users to create Application rules.



Preferences tab

Edit Preferences form
Allows users to edit their own preferences using the Preferences form. You might want to disable this privilege for guest accounts, to make sure the accounts are always left in the same state. If you select this privilege, all settings on this tab can be overridden by the individual user on their User Preferences form.
Change password
Allows users to change their password.
Separately controlled user preferences:
Manage presence
Allows users to control their presence preferences.
Auto forward
Allows users to use the Auto forward, redirect and Pager features on the Preferences form.
Auto reply
Allows users to use the Auto reply feature on the Preferences form.
Mail import
Allows users to set up POP3 mail import.
Preconfigurable user preferences:
Desktop layout


Choose the preferred default Desktop layout (view properties, size, background image) for new users created for this group.
Default


Objects on this group's model Desktop will appear on the user's model Desktop, but view properties, Desktop image and size from this model will not be applied.
Copy from Model

This setting is used for legacy systems only.
When used will copy the view properties from the model to the user's desktop. The copy happens at user creation, so no updates are ever delivered to an existing user's Desktop.
Desktop View
Must be selected to have uploaded resources automatically download to clients on login. If changes are made to the view properties, all users Desktops will be updated. The user receives the view properties from the last group he is a member of, where Desktop View is set for the Desktop layout field.
Reply preference
Choose the default reply preference for this user group.
Cursor placement in reply
Choose the default cursor placement to be used when replying to a message with quote.
Reply tagging
Choose how the quote attribution is displayed when replying to a message with quote.
Forward tagging
Choose how the forwarded message is indicated.
Time zone


This is the default time zone for this group. This is useful if members of this group work in a different time zone than where the server is located.
Client interface
Choose the default user interface for this group.
Legacy systems 8.2 and older will respect any setting in this fields.
Version 8.3 has only a default user interface.
81203_40134_0.png Voicemail interface


If you are a FirstClass Unified Communications customer and this group has the Voice access feature enabled on the Features tab, then choose the preferred voicemail interface for this group.
Preferred language
Choose the preferred voicemail interface language for this group.
Contact form
Choose the preferred default contact form layout for this group.
Show presence to
Choose the level to which you want to filter this group's presence listing in the following locations:
•       Who's Online listing
•       Address fields of inbound and outbound messages
•       Directory listing
•       Contact database/contacts lists
•       Who and subscriber fields in conference and calendar permissions forms
Default


This group is not affected by this feature. The system-wide default is for all users to see all users in the Who's Online listing.
User Preference

Users of this group can set their presence preferences on their personal Preferences form.
Everyone


All users can see if users from this group are online.
My Organization


All users with a common organizational unit (OU) group can see if users from this group are online.
My Group
All users in the same primary OU can see if users from this group are online.
No one

No user, except the administrator, can see if users from this group are online.
IM Transcript
Off
Disallows transcripts.
Force On
Force all chats to be automatically recorded.
Default
Allows users to decide whether to create transcripts. When set to Default, the Chat Transcript option is selected by default.




Limits tab
Use this tab to set time and disk space limits.
For each limit, the highest value defined for all groups to which a user belongs is normally the limit for that user. Override groups may affect this value.

Private mail expiry
This is the number of days a message will stay in a user's Mailbox before it is automatically deleted. If you have given users the appropriate permissions, users can override this limit for individual messages. Deleted messages appear in the user's Trash Can for the number of days specified at Deleted mail removal.
Daily connection limit
The maximum number of minutes users can connect to the server during one day (from 12:01 AM to midnight). This overrides the default set on the System Profile.
If a user is logged on multiple times with the same user ID, this user is considered to have been logged on for the total elapsed time for all the user's current connections. For example, a user with a limit of 120 minutes who has two concurrent sessions, both at 60 minutes, has used up the allotted time.
81203_42521_14.png        Note
This field does not apply to the administrator or subadministrators.
Session inactivity limit
The maximum number of minutes users can be inactive during a session before being logged off. This overrides the default set on the System Profile.
Disk space limit
The maximum amount of disk space, in kilobytes, allowed per user. Once this limit is reached, the user can no longer create items such as messages and documents, but can still receive mail.
81203_42521_14.png        Note
The administrator and subadministrators may use up to twice their allotted disk space.
Maximum message recipients
The maximum number of addresses a message can be sent to. This includes all To, Cc, and Bcc recipients.
Maximum invitations
The total number of people a user in this group can invite to a private instant messaging session or a public chat room.
Minimum client version
The lowest client version that can be used to log into the server. It is recommended that this be a client from the same release as the server to ensure users have access to all current client features.
81203_42521_14.png         Note
This field does not apply to the administrator or subadministrators.
Deleted mail removal
The number of days deleted or expired items will remain in users' Trash Cans before removal by audit. The value of "Default" is 1 day, meaning contents will be permanently removed by the next automatic full audit.



Directory tab
Use this tab to define the names that this group's Directory can list. By default the Directory is filtered in the following way:
•       members of Regular Users and Remote Users groups can see all members of All Users, All Conferences, and All Calendars groups.

Allow this group to view these groups
Enter user group or conference group names to include only members of these groups in the Directory listing for the current group. All other user and conference groups on your system will be hidden from members of the current user group.
Use this to include only certain user groups and/or conference groups in the group’s view of the Directory.
Any user group, conference group, or calendar group listed here will be seen in the Directory by any user who is a member of this group. All other user groups, conference groups, and calendar groups will not be listed in the Directory for all members of this user group.
Maximum number of multimatch names
The maximum number of names that will be listed in the Directory when a search results in multiple matches. To require exact matches, thus forcing users to know the name of the person or conference they are searching for, set this value to 1. You might want to set the limit to 1 or none for autoregistered users.
The highest value defined for all groups to which a user belongs is normally the limit for that user. Override groups may affect this value.
Default is unrestricted. Use this to add security to your system. If this is set to 0, then users (and unauthorized guests or autoregistered users) cannot guess partial names and access the Directory. Users will have to know the exact name of the person to whom they want to address mail.
Visible directory fields
Choose the fields you want displayed in the Directory listing for users in this group.
To choose additional fields, click +.
To remove a field, select it and click -.
The order the fields appear in this list will be the order they appear in the Directory.
81203_42521_14.png        Note
Choosing Organization will only display users' primary OU. Choosing Organizations will display all the OUs to which users belong.



Security tab

Link encryption
Choose the link encryption users must have specified in their Service Setup form (at login).
Password security
Password restrictions
Forces users to choose passwords which are alphanumeric, or have no restrictions. Alphanumeric passwords are more difficult to guess.
Recently used passwords
The administrator can choose to allow recently used passwords, or to force users to choose a new password when the old one expires. If you choose to block recently used passwords, users may not reuse any of his last five (5) passwords.
Password expiry period
The length of time a password will be valid. Regularly changing passwords will increase security. This field is only used for GUI access (client or web).
Minimum text password length
Forces users to choose passwords of a minimum length. Longer passwords are more difficult to guess. This field is only used for GUI access (client or web).
81203_40134_0.png Minimum voice password length
Forces users to choose voice passwords of a minimum length. Longer passwords are more difficult to guess. This field is only used for TUI access (phone).
Local saving policy
Choose whether or not to allow users to save passwords in FirstClass client settings files. It is strongly recommended to disallow this feature for the administrator and subadministrators.
81203_42521_14.png        Note
This feature is only available with FirstClass clients version 8.0 or higher.
Attachment limitations
This field is primarily used to stop viruses from being sent through your FirstClass system. If there is a known virus, enter the exact attachment name in this space. FirstClass will not allow uploading or downloading of this specific attachment name.
This field can also be used to disallow uploading/downloading files of a specific type. Enter the file extension preceeded by a wild card. FirstClass will not allow uploading or downloading of this file type.
You can set attachment limitations for the All Users group, or any groups you create. Do not set attachment limitations on any other Standard user group.



Services tab
Use this tab to configure OU settings for Internet Services and Voice Services (if applicable).
Internet Services

Internet mail domain
Your registered domain name.
If you have only one domain name for all users, set this as the default value on the All Users Group Privileges form and do not enter anything on individual user or conference group forms.
In a multi-tenant environment with several domain names, you must enter the domain name on the primary OU's Group Privileges form. This will affect the choices users have when choosing their outbound alias for Internet mail. All domain names must also be entered on the Multiple Sites and Languages form.
Default web domain
If this OU has its own web domain enter it here. If nothing is entered in this field, the HTTP Server domain name from the Basic Internet Setup form will be used.
81203_40134_0.png Voice Services
This section is only applicable to FirstClass Unified Communications customers.

DN prefix
The DN prefix is the common exchange for your company's block of numbers.
If you have only one DN prefix, set this as the default value on the All Users Group Privileges form and do not enter anything on individual user or conference group forms.
In a multi-tenant environment with several DN prefixes, enter the DN prefix for the specific organizational unit on the organizational unit's (user group's) Group Privileges form.
Operator revert DN
If a caller presses "0", this is the number to which the call will be redirected.
If you have only one preferred Operator revert DN, enter this number on the Voice Services Administration form and do not enter anything on individual user or conference group forms.
In a multi-tenant environment, or a large organization, the revert DN may depend on the organizational unit or group the original call recipient is a member of. Enter the Operator revert DN on the organizational unit's (user group's) Group Privileges form.  
Dialing restrictions
Dialing restrictions are set system-wide on the Voice Services Admin form. When you set dialing restrictions for a group or organizational unit, the settings override what is set on the Voice Services Administration form. A user's dialing restrictions are based on the user's primary organizational unit's settings.
Enter dialing restrictions for this group or organizational unit. This includes all long distance codes, and all pre-dialing codes (for example, 1 for North American long distance dialing, PBXs requiring an outside line access code (usually 9), etc).
Restrictions begin with ! and accessible dialing strings have no prefix. Restricted and accessible dialing strings can be combined by separating them with commas. In all cases, the most exact match will be used. For example:
•       !9 disallows all calls to numbers beginning with 9. If 9 is the outside line code for your PBX, this will disallow all calls outside of your PBX.
•       !9,9055551234 disallows all calls to numbers beginning with 9, but allows calls to the specific number 9055551234.
•       !9,905,!9055554567 disallows all calls to numbers beginning with 9, but allows all calls to area code 905 except calls to the specific number 9055554567.
If this field is blank, the system will default to the system-wide settings from the Voice Services Admin form. If this field contains !0,!1,!2,!3,!4,!5,!6,!7,!8,!9 then no outdialing is permitted for all members of this group. If this field contains 0,1,2,3,4,5,6,7,8,9 then all dialing is unrestricted for this group.
Automatically filter Directory to this group
If you are in a multi-tenant environment, select this option for the highest level organizational unit that encompasses all users from one company.
For example:
You have two companies on one system: Company A and Company B. Each is an organizational unit at the level of Company.
Within each company there are several organizational units (departments, groups, teams).
You want all employees of Company A to be able to see and dial all other Company A employees.
You do not want Company A employees to be able to use the phone to Name dial Company B.
Select Automatically filter Directory to this group for Company A organizational unit. If you set it at a more restricted level (department, for instance) employees would be unable to see employees outside of their department.
If this option is not selected at all, the dialing Directory will not be filtered and members of Company A will be able to see all members of Company B in the Directory and will have access to Name dial and other Directory dialing through Voice Services.
4272004_110434_1.pngCaution
If a user is a member of multiple organizational units (company, department, team), only select this option for one of his organizational units (this would usually be the highest level).
Archive Services
Archive private mail
Indicates whether to activate Archive Services.
Retention period
Indicates the length of time to store archived content (for example, "260 weeks", no quotes, which is the equivalent of five years).
This value should match the Message expiry field on the permission form of the Archive container on the Archive Services server.
Archive group calendar events
Sets archiving for all group calendar events to which users in this group are creators or participants.



Admin tab
Use this tab to allow members of this group to administer users in other groups. All users in this group will be able to view and edit the other group members' User Information forms.
81203_42521_14.png        Note
Do not enable the "Edit user information" feature for this group since you only want these members to administer specific groups.
Enter the group(s) that members of this group can administer.