Difference between revisions of "Delegated Administration"
(→UserAttributes) |
|||
| Line 47: | Line 47: | ||
====UserAttributes==== | ====UserAttributes==== | ||
A person who is a member of the ScailxUserAttributes group can change passwords, change the user name, add email addresses, and update contact information. He cannot set limits on the user's account size or change their authid. | A person who is a member of the ScailxUserAttributes group can change passwords, change the user name, add email addresses, and update contact information. He cannot set limits on the user's account size or change their authid. | ||
| + | [[Image:UserAttributesGeneral.jpg]] | ||
====Assigning a User to an Administrative Group==== | ====Assigning a User to an Administrative Group==== | ||
Revision as of 13:14, 15 December 2008
Administration in Scalix can seem confusing at first, because administration privileges are quite flexible and can be customized to meet the needs of just about any situation. This document explains the various administration options, which include Administrative Roles and Groups. It also takes a quick look at Scalix Administration in a Hosted environment and a Multi-Server Environment.
Contents
Scalix Administrative Roles
Scalix has four administrative roles: sxadmin, Scalix Admin, Scalix Admin Groups, and Group Manager. The Scalix Admin Groups role is not a rigidly defined role but rather contains four pre-defined administrative groups which can be used individually or combined for a great deal of flexibility. The various roles and administrative groups are
- sxadmin
- Scalix Admin
- Scalix Admin Groups
- ScalixAdmins
- ScalixGroupAdmins
- ScalixUserAdmins
- ScalixUserattributesAdmins
- Group Manager
sxadmin (The "Super Administrator")
Has full access to everything, including all of the Scalix Admin Console (SAC) tabs and all of the commands from the command line interface (CLI).
Scalix Admin
In the Small Business and Enterprise Editions, the Scalix Admin has full SAC access and limited CLI access. In the Hosted Edition the privileges are slightly curtailed - the section on administration in a Hosted Environment discusses these limitations. To give a person Scalix Admin rights, in the SAC go to the Users icon, select the user, then click on the Advanced tab. Then check the "Is full administrator" box.
To allow a Scalix Admin user CLI access, first create a unix login for the user:
# useradd -n -p <password> acme
Then associate the Scalix account with the unix login:
# ommodu -o "Acme Admin" -u acme
Now when the Acme Admin user logs in to the server as "acme" they will be able to run Scalix commands at the command line.
Scalix Administrative Groups
There are four administrative groups. A Scalix user can belong to more than one administrative group. This allows for great flexibility in delegating specific administrative rights to Scalix users.
ScalixAdmin
A member of the ScalixAdmin group can see and use the entire SAC toolbar and all related tabs, features, and options. This differs from the Scalix Admin role because a member of the ScalixAdmin group does not have CLI access. Below are screen shots of the SAC taken from an account that belongs to the ScalixAdmin group. As you can see, all icons are present in the toolbar and the ScalixAdmin group member has the ability to access all areas of the SAC. This includes access to all user and group functions plus full access to Server Info and Settings.
A member of the ScalixAdmin group as access to all toolbar icons. all tabs within each tool, and full functionality of each tab:
A member of the ScalixAdmin group can monitor, stop, and start services:
A member of the ScalixAdmins group can also view the event log:
Members of the ScalixAdmin group can also view the active users:
Members of the ScalixAdmin group can monitor the disk usage of the system:
Members of the ScalixAdmin group can also set logging levels, configure local domains, add new license keys, set password format and expiration rules, set system-wide and per-user mailbox limits, configure out-of-office settings, enable SmartCache, activate the Recovery folder, and configure User Name settings.
GroupAdmin
Members of the ScalixGroupAdmins administrative group have limited access to the Users toolbar icon and full access to the Groups toolbar icon in the SAC. They can add and remove users to any group; they do not need to be a manager of the group.
UserAdmin
A member of the ScalixUserAdmins group can only see the User icon in the toolbar. He does not have access to the "Member of" or "Manager of" tabs, so he cannot administer groups. You can, however, make a user a member of both the UserAdmin and the GroupAdmin administrative groups. A member of the UserAdmin group can create and delete users, create alias mail addresses, change a user's name, update their contact info, set limits on their account size, enable ActiveSync, or change them from Standard to Premium and vice versa.
The UserAdmin member may have a limited feature set on some of the tabs in SAC. For example, in the Advanced tab he can change the authid or grant a user full (Premium) or limited (Standard) account privileges He cannot make another user a full administrator, lock accounts, disable SWA, enable SmartCache or SIS indexing. Compare this screenshot to the screenshot of the ScalixAdmin member's Advanced tab in the Users tool earlier in this document.
UserAttributes
A person who is a member of the ScailxUserAttributes group can change passwords, change the user name, add email addresses, and update contact information. He cannot set limits on the user's account size or change their authid.
