Use this form to specify a group's access to FirstClass features. For information about user groups and organizational units, see User groups and organizational units.The name of the user group.
FirstClass determines a user's privileges based on the groups to which that user belongs. To see a list of the groups to which a user belongs, open the user's User Information Form. FirstClass sets the privileges specified in the first group in this list, then overrides these settings with the settings specified in the next group, and so on. Turn on advanced privileges with caution.
Model Desktop buttonOpens the user group's Model Desktop.
Organizational unitThis field is required for multitenant environments and FirstClass Directory Services (FCDS).
Choose the organizational unit level. If you are using FCDS, remember to make sure this level will fit the group into the proper location in your organization's hierarchy.If you will allow duplicate Directory entries between members of different organizational units, select "Require unique names within this organizational unit".
Require unique names within this organizational unit
If you are using FCDS, there is no requirement for unique names within an organizational unit.Comments about this user group.
Use this tab to define privileges for this group.Allows users to use FirstClass calendars.
ContactsAllows users to use personal email addresses and mail lists. Users without this privilege can add entries to their Contacts folder, but cannot address mail to these entries.
Publish web siteAllows a user to create a personal web home page. This home page can be accessed using HTTP and FTP. If users do not have web sites, their résumés will be displayed to anyone trying to access their web sites. You should make sure that users understand that their résumés may be published to the Internet.
Share documentsAllows a user to publish content stored in their personal My Shared Documents folder.
MessagingAllows users to send private mail. Users without this privilege can still receive mail.
Conference mailAllows users to send mail to conferences for which they have the appropriate permissions. Users without this privilege can still read messages in any conferences for which they have the appropriate permissions.
UnsendAllows users to retract messages that they have sent. Even with this privilege, users cannot unsend messages that have been sent through a gateway or moved.
ForwardAllows users to forward mail in their Mailboxes and in conferences. When a user forwards a message, FirstClass creates another copy of the message, requiring additional storage space. Therefore, you might want to restrict this privilege.
Set expiryAllows users to change the expiry date for an outgoing message. The expiry set by a user overrides any other expiry settings, such as those defined for a conference. Users without this privilege can still change the expiry of messages in their own Mailboxes.
Make urgentAllows users to mark messages Urgent. Because your system and some gateways can be configured to process urgent mail on a priority basis, you might want to restrict this privilege.
Receipt notificationAllows users to turn on receipt generation. Because receipt notifications can increase message traffic on your server, you may want to restrict this privilege.
Mark as unreadAllows users to toggle messages' unread flags on and off. If a user removes a message's flag before opening it, no receipt will be generated when the user reads the message, and the user's name will not appear in the message history.
Program mail rulesAllows users to set up personal mail rules.
Mailbox permissionsAllows users to edit their Mailbox permissions.
Make voice callAllows users to make phone calls from their FirstClass client or web client by right-clicking the recipient's name and choosing "Call User". The recipient must have a valid DN dialable by Voice Services. The caller must have physical access to the phone listed first in the "Voice DN" field on his User Information form when using this feature. You must be a FirstClass Unified Communications customer to enable this feature.
CollaborationAllows users to view the online status of other users and to view Who's online.
View résumésAllows users to view the résumés of other users.
Create résumésAllows users to create personal résumés. If users do not have personal web sites, their résumés will be displayed to anyone trying to access their web sites. You should make sure that users understand that their résumés may be published to the Internet.
Private chatAllows users to engage in real-time online text-based conversations. The names of users without this privilege are displayed in italics in the Directory and Who's Online lists. Users without this privilege can still receive and accept chat invitations from the administrator.
Join public chatAllows users to engage in real-time online text-based conversations in public chat forums.
Create public chatAllows users to create public chat forums.
Create shared contactsAllows users to create shared contacts databases.
Create conferencesAllows users to create new conferences on their Desktops, or in any container in which they have permission to do so. This privilege works with the Create conferences permission; users can only create subconferences in conferences for which they have this permission.
Create calendarsAllows users to create calendars.
Publish Directory namesControls whether named objects are published in the Directory. Works in conjunction with Create conferences or Create calendars privileges. If a user is a member of a group with this privilege not enabled, conferences and calendars created by the user will not be listed in the Directory, including the admin Directory. These conferences cannot receive mail unless the mail is created with the New > Message command from within the conference.
ContentAllows users to search conferences. This privilege works with the Search permission; users can only search conferences for which they have this permission.
Users can always search their personal Mailbox and folders on their Desktop.
UploadAllows users to attach files to messages and upload files. For sending attached files to conferences, this privilege works with the Send permission; users can only send attached files to conferences for which they have this permission. For uploading files directly to conferences, this privilege works with the Create folders & files permission; users can only upload files directly to conferences for which they have this permission.
If you are a FirstClass Unified Communications customer, you must give your voice users the upload privilege.
DownloadAllows users to save attachments and download files from external folders and conferences. This privilege works with the Download permission; users can only download from conferences for which they have this permission.
If you are a FirstClass Unified Communications customer, you must give your voice users the download privilege so they can listen to voice messages and receive fax messages.
Copy to clipboardAllows users to copy and paste FirstClass content.
Save to local diskAllows users to save FirstClass content to a local machine.
PrintingAllows users to print FirstClass content.
Once a user is given special status, that status stays in effect despite the status settings for any other group to which the user belongs. These statuses can be overridden only on a user's User Information form. Special status privileges are:
SubadministratorAllows you to designate members of this group as subadministrators.
Does not expirePrevents users from being deleted automatically if their accounts are inactive. This privilege overrides the System Profile setting that specifies the number of days of inactivity after which users are normally deleted.
View unlistedAllows users to view unlisted entries (such as conferences or user names) in the Directory and the names of unlisted users in the Who's Online list.
View user informationAllows users to view other users' information forms. On the user information form of another user, the password field is blanked out, but the user ID is visible. Users with this privilege see the user information form in place of the résumé. From the user information form, users can display the other user's résumé, but they cannot open that user's Desktop or preferences. If you consider user information to be sensitive, restrict access to this privilege.
Edit user informationAllows users with the View user information privilege to change all information on user information forms, including passwords. You can use this privilege to delegate administrative tasks without granting full administrator powers. Users with this privilege cannot open the Desktop or preferences of another user, designate subadministrators, or edit the user information forms of the administrator or subadministrators.
Create voice menuAllows users to create personal voice menus. You must be a FirstClass Unified Communications customer to enable this feature.
Allow mail relayAllows users to use relaying.
AccessAllows users to access the server using FirstClass client software.
Web clientAllows users to access the server using a web browser. If this is selected for administrators, this person can log in as administrator using a web browser. You may want to restrict this privilege in the case of administrators for security reasons.
Voice clientAllows users to access the server using Voice Services using a telephone. Users can also receive voice and fax messages in their mailboxes. You must be a FirstClass Unified Communications customer to enable this feature.
Command lineAllows users to access the server using a terminal, Telnet, or a terminal emulator.
If all of the above access privileges are disabled, users cannot log in.
Internet clientAllows users to access the server using POP3 and IMAP4.
File clientAllows users to access the server using FTP/CIFS clients.
Directory clientAllows users to access the server using LDAP/finger clients.
Work offlineAllows users to use FirstClass Personal to access the server. Remote users cannot use this privilege.
Allows users to edit own Preferences formAllows users to edit their own preferences using the Preferences form. You might want to disable this privilege for guest accounts, to make sure the accounts are always left in the same state. If you select this privilege, all settings on this tab can be overridden by the individual user on the User Preferences form.
Change passwordAllows users to change their password.
These preferences can be controlled separately:Allows users to control their presence preferences.
Auto forwardAllows users to use the Auto forward and Pager features on the Preferences form.
Auto replyAllows users to use the Auto reply feature on the Preferences form.
Mail importAllows users to set up POP3 mail import.
Preconfigurable user preferencesChoose the default reply preference for this user group.
Time zoneThis is the default time zone for this group. This is useful if members of this group work in a different time zone than where the server is installed.
Client interfaceChoose the default user interface for this group. Users migrating from a Windows Exchange environment may find the FirstClass Explore interfaces more familiar.
Voicemail interfaceIf you are a FirstClass Unified Communications customer and this group has the Voice access feature enabled on the Features tab, then choose the preferred voicemail interface for this group.
Preferred languageChoose the preferred voicemail interface language for this group.
Contact formChoose the preferred default contact form layout for this group.
Show presence toChoose the level to which you want to filter this group's presence listing in the following locations:
Who's Online listing Address fields of inbound and outbound messages
Contact database/contacts lists
Who and subscriber fields in conference and calendar permissions forms
DefaultThis group is not affected by this feature. The system-wide default is for all users to see all users in the Who's Online listing.
User PreferenceUsers of this group can set their presence preferences on their personal Preferences form.
EveryoneAll users can see if users from this group are online.
My OrganizationAll users with a common organizational unit (OU) group can see if users from this group are online.
My GroupAll users in the same primary OU can see if users from this group are online.
No-oneNo user, except the administrator, can see if users from this group are online.
Desktop layoutChoose the preferred default Desktop layout (view properties, size, background image) for new users created for this group.
DefaultObjects on this model Desktop will appear on the user's model Desktop, but view properties, Desktop image and size from this model will not model.
Copy from ModelUsed for the All users group or primary organizational unit groups, this option models all Desktop objects, plus the view properties, background image and size to the user's Desktop.
Use this tab to set time and disk space limits.This is the number of days a message will stay in a user's Mailbox before it is automatically deleted. If you have given users the appropriate permissions, users can override this limit for individual messages.
For each limit, the highest value defined for all groups to which a user belongs is normally the limit for that user. Override groups may affect this value.
Private mail expiry
Daily connection limitThe maximum number of minutes users can connect to the server during one day (from 12:01 AM to midnight). This overrides the default set on the System Profile.
If a user is logged on multiple times with the same user ID, this user is considered to have been logged on for the total elapsed time for all the user's current connections. For example, a user with a limit of 120 minutes who has two concurrent sessions, both at 60 minutes, has used up the allotted time.
This field does not apply to the administrator or subadministrators.
Session inactivity limitThe maximum number of minutes users can be inactive during a session before being logged off. This overrides the default set on the System Profile.
Disk space limitThe maximum amount of disk space, in kilobytes, allowed per user. Once this limit is reached, the user can no longer create items such as messages and documents, but can still receive mail.
The administrator and subadministrators may use up to twice their allotted disk space.
Maximum message recipientsThe maximum number of addresses a message can be sent to. This includes all To, Cc, and Bcc recipients.
Maximum invitesThe total number of people a user in this group can invite to a private or public chat session.
Minimum client versionThe lowest client version that can be used to log into the server. It is recommended that this be a client from the same release as the server to ensure users have access to all current client features.
This field does not apply to the administrator or subadministrators.
Use this tab to define the names that this group's Directory can list. By default the Directory is filtered in the following way:
members of Regular Users and Remote Users groups can see all members of All Users, All Conferences, and All Calendars groups.
Allow this group to view these groupsEnter user group or conference group names to include only members of these groups in the Directory listing for the current group. All other user and conference groups on your system will be hidden from members of the current user group.
Use this to include only certain user groups and/or conference groups in the groups view of the Directory. The maximum number of names that will be listed in the Directory when a search results in multiple matches. To require exact matches, thus forcing users to know the name of the person or conference they are searching for, set this value to 1. You might want to set the limit to 1 or none for autoregistered users.
Any user group, conference group, or calendar group listed here will be seen in the Directory by any user who is a member of this group. All other user groups, conference groups, and calendar groups will not be listed in the Directory for all members of this user group.
Maximum number of multimatch names
The highest value defined for all groups to which a user belongs is normally the limit for that user. Override groups may affect this value.Choose the fields you want displayed in the Directory listing for users in this group. To choose additional fields, click +. The order the fields are listed in the Directory will be the order they appear in this list.
Default is unrestricted. Use this to add security to your system. If this is set to 0, then users (and unauthorized guests or autoregistered users) cannot guess partial names and access the Directory. Users will have to know the exact name of the person to whom they want to address mail.
Visible directory fields
Link encryptionChoose the link encryption users must have specified in their Service Setup form (at login).
Password securityForces users to choose passwords which are alphanumeric, or have no restrictions. Alphanumeric passwords are more difficult to guess.
Recently used passwordsThe administrator can choose to allow recently used passwords, or to force users to choose a new password when the old one expires. If you choose to block recently used passwords, users may not reuse any of his last five (5) passwords.
Password expiry periodThe length of time a password will be valid. Regularly changing passwords will increase security. This field is only used for GUI access (client or web).
Minimum text password lengthForces users to choose passwords of a minimum length. Longer passwords are more difficult to guess. This field is only used for GUI access (client or web).
Minimum voice password lengthForces users to choose voice passwords of a minimum length. Longer passwords are more difficult to guess. This field is only used for TUI access (phone).
Local saving policyChoose whether or not to allow users to save passwords in FirstClass client settings files. It is strongly recommended to disallow this feature for the administrator and subadministrators.
This feature is only available with FirstClass clients version 8.0 or higher.
Attachment limitationsThis field is primarily used to stop viruses from being sent through your FirstClass system. If there is a known virus, enter the exact attachment name in this space. FirstClass will not allow uploading or downloading of this specific attachment name.
This field can also be used to disallow uploading/downloading files of a specific type. Enter the file extension preceeded by a wild card. FirstClass will not allow uploading or downloading of this file type.
You can set attachment limitations for the All Users group, or any groups you create. Do not set attachment limitations on any other Standard user group.
Use this tab to store information about your Internet Services and Voice Services (you will only have Voice Services if you are a FirstClass Unified Communications user).Your registered domain name.
Internet mail domain
If you have only one domain name for all users, set this as the default value on the All Users Group Privileges form and do not enter anything on individual user or conference group forms.
In a multi-tenant environment with several domain names, enter the domain name on the user group's Group Privileges form. All domain names must also be entered on the Multiple Sites and Languages form.
Voice ServicesThis section is only relevant for FirstClass Unified Communications customers.
DN prefixThe DN prefix is the common exchange for your company's block of numbers.
If you have only one DN prefix, set this as the default value on the All Users Group Privileges form and do not enter anything on individual user or conference group forms. If a caller presses "0", this is the number to which the call will be redirected.
In a multi-tenant environment with several DN prefixes, enter the DN prefix for the specific organizational unit on the organizational unit's (user group's) Group Privileges form.
Operator revert DN
If you have only one preferred Operator revert DN, enter this number on the Voice Services Administration form and do not enter anything on individual user or conference group forms.Dialing restrictions are set system-wide on the Voice Services Admin form. When you set dialing restrictions for a group or organizational unit, the settings override what is set on the Voice Services Administration form. A user's dialing restrictions are based on the user's primary organizational unit's settings.
In a multi-tenant environment, or a large organization, the revert DN may depend on the organizational unit or group the original call recipient is a member of. Enter the Operator revert DN on the organizational unit's (user group's) Group Privileges form.
Enter dialing restrictions for this group or organizational unit. This includes all long distance codes, and all pre-dialing codes (for example, 1 for North American long distance dialing, PBXs requiring an outside line access code (usually 9), etc).
Restrictions begin with ! and accessible dialing strings have no prefix. Restricted and accessible dialing strings can be combined by separating them with commas. In all cases, the most exact match will be used. For example:
!9 disallows all calls to numbers beginning with 9. If 9 is the outside line code for your PBX, this will disallow all calls outside of your PBX.
!9,9055551234 disallows all calls to numbers beginning with 9, but allows calls to the specific number 9055551234.
!9,905,!9055554567 disallows all calls to numbers beginning with 9, but allows all calls to area code 905 except calls to the specific number 9055554567.
If this field is blank, the system will default to the system-wide settings from the Voice Services Admin form. If this field contains !0,!1,!2,!3,!4,!5,!6,!7,!8,!9 then no outdialing is permitted for all members of this group. If this field contains 0,1,2,3,4,5,6,7,8,9 then all dialing is unrestricted for this group.If you are in a multi-tenant environment, select this option for the highest level organizational unit that encompasses all users from one company.
Automatically filter Directory to this group
You have two companies on one system: Company A and Company B. Each is an organizational unit at the level of Company.
Within each company there are several organizational units (departments, groups, teams).
You want all employees of Company A to be able to see and dial all other Company A employees.
You do not want Company A employees to be able to use the phone to Name dial Company B.
Select Automatically filter Directory to this group for Company A organizational unit. If you set it at a more restricted level (department, for instance) employees would be unable to see employees outside of their department.
If this option is not selected at all, the dialing Directory will not be filtered and members of Company A will be able to see all members of Company B in the Directory and will have access to Name dial and other Directory dialing through Voice Services.
If a user is a member of multiple organizational units (company, department, team), only select this option for one of his organizational units (this would usually be the highest level).
Use this tab to allow members of this group to administer users in other groups. All users in this group will be able to view and edit the other group members' User Information forms.
Do not enable the "Edit user information" feature for this group since you only want these members to administer specific groups.
Enter the group(s) that this group can administer.