Granting Access Rights

Access rights are set on the basis of group/administrator pairs. By default, any group that has been associated with an administrator account has full access rights enabled. In this step you will change the permissions as necessary, so that some of the administrators will only be able to access certain tabs and options in the Groups Web Interface.

The access rights will be granted as follows:

Role Username Access Rights
Assistant Administrator GeorgeC Full access to all domains.
Business Administrator FrankB Full access within the “business” domain.
Science Administrator SusanS Full access within the “science” domain.
Helpdesk JerryS Allow and block lists for all domains (no other Configuration options), online help access, quarantine (with no preview options) and no access to reports.
Human Resources Administrator TanyaH "Offensive Words" watch list for all domains, online help access, quarantine access (for reason "offensive" only), and no access to reports.

In this tutorial, the Assistant Administrator (GeorgeC) has responsibility for all of the domains. Since full access rights were granted by default when you associated this user with each of the three groups, there is no need to modify the permissions for GeorgeC. The same is true for FrankB (Business Administrator) and SusanS (Science Administrator), who already have full access to their respective domains.

For rest of the administrators, however, you will have to restrict access to certain features. This is accomplished by specifying the --group, --user, --permission and --value (usually ''on" or ''off") for specific permissions or groups of permissions.

To set permissions for the Helpdesk and Human Resources administrators:

At the command line, as the “pmx6” user, run the following commands:

Helpdesk - JerryS

pmx-group --set-perm --group sophos --user JerryS --permission configuration.document.policy-description --value read
pmx-group --set-perm --group sophos --user JerryS --permission configuration.policysettings --value off
pmx-group --set-perm --group sophos --user JerryS --permission quarantine.preview --value off
pmx-group --set-perm --group sophos --user JerryS --permission reports --value off
pmx-group --set-perm --group business --user JerryS --permission configuration.document.policy-description --value read
pmx-group --set-perm --group business --user JerryS --permission configuration.policysettings --value off
pmx-group --set-perm --group business --user JerryS --permission quarantine.preview --value off
pmx-group --set-perm --group business --user JerryS --permission reports --value off
pmx-group --set-perm --group science --user JerryS --permission configuration.document.policy-description --value read
pmx-group --set-perm --group science --user JerryS --permission configuration.policysettings --value off
pmx-group --set-perm --group science --user JerryS --permission quarantine.preview --value off
pmx-group --set-perm --group science --user JerryS --permission reports --value off

Human Resources Administrator - TanyaH

pmx-group --set-perm --group sophos --user TanyaH --permission configuration.document.policy-description --value read 
pmx-group --set-perm --group sophos --user TanyaH --permission configuration.lists.allowed-relays-per-group --value off
pmx-group --set-perm --group sophos --user TanyaH --permission configuration.lists.allowed-senders-per-group --value off
pmx-group --set-perm --group sophos --user TanyaH --permission configuration.lists.blocked-relays-per-group --value off
pmx-group --set-perm --group sophos --user TanyaH --permission configuration.lists.blocked-senders-per-group --value off
pmx-group --set-perm --group sophos --user TanyaH --permission configuration.policysettings --value off
pmx-group --set-perm --group sophos --user TanyaH --permission help --value off 
pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.actions --value off
pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.actions.approve --value off
pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.actions.delete --value off
pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.actions.forward --value off
pmx-group --set-perm --group sophos --user TanyaH --permission --value off 
pmx-group --set-perm --group sophos --user TanyaH --permission --value off   
pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.preview.attachments --value off
pmx-group --set-perm --group sophos --user TanyaH --permission --value off
pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.preview.content --value off
pmx-group --set-perm --group sophos --user TanyaH --permission --value off
pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.preview.source --value off
pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.preview.status --value off
pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.reason.blacklisted --value off
pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.reason.spam --value off
pmx-group --set-perm --group sophos --user TanyaH --permission quarantine.reason.virus --value off
pmx-group --set-perm --group sophos --user TanyaH --permission reports --value off

pmx-group --set-perm --group business --user TanyaH --permission configuration.document.policy-description --value read 
pmx-group --set-perm --group business --user TanyaH --permission configuration.lists.allowed-relays-per-group --value off
pmx-group --set-perm --group business --user TanyaH --permission configuration.lists.allowed-senders-per-group --value off
pmx-group --set-perm --group business --user TanyaH --permission configuration.lists.blocked-relays-per-group --value off
pmx-group --set-perm --group business --user TanyaH --permission configuration.lists.blocked-senders-per-group --value off
pmx-group --set-perm --group business --user TanyaH --permission configuration.policysettings --value off
pmx-group --set-perm --group business --user TanyaH --permission help --value off 
pmx-group --set-perm --group business --user TanyaH --permission quarantine.actions --value off
pmx-group --set-perm --group business --user TanyaH --permission quarantine.actions.approve --value off
pmx-group --set-perm --group business --user TanyaH --permission quarantine.actions.delete --value off
pmx-group --set-perm --group business --user TanyaH --permission quarantine.actions.forward --value off
pmx-group --set-perm --group business --user TanyaH --permission --value off 
pmx-group --set-perm --group business --user TanyaH --permission --value off   
pmx-group --set-perm --group business --user TanyaH --permission quarantine.preview.attachments --value off
pmx-group --set-perm --group business --user TanyaH --permission --value off
pmx-group --set-perm --group business --user TanyaH --permission quarantine.preview.content --value off
pmx-group --set-perm --group business --user TanyaH --permission --value off
pmx-group --set-perm --group business --user TanyaH --permission quarantine.preview.source --value off
pmx-group --set-perm --group business --user TanyaH --permission quarantine.preview.status --value off
pmx-group --set-perm --group business --user TanyaH --permission quarantine.reason.blacklisted --value off
pmx-group --set-perm --group business --user TanyaH --permission quarantine.reason.spam --value off
pmx-group --set-perm --group business --user TanyaH --permission quarantine.reason.virus --value off
pmx-group --set-perm --group business --user TanyaH --permission reports --value off
pmx-group --set-perm --group science --user TanyaH --permission configuration.document.policy-description --value read 
pmx-group --set-perm --group science --user TanyaH --permission configuration.lists.allowed-relays-per-group --value off
pmx-group --set-perm --group science --user TanyaH --permission configuration.lists.allowed-senders-per-group --value off
pmx-group --set-perm --group science --user TanyaH --permission configuration.lists.blocked-relays-per-group --value off
pmx-group --set-perm --group science --user TanyaH --permission configuration.lists.blocked-senders-per-group --value off
pmx-group --set-perm --group science --user TanyaH --permission configuration.policysettings --value off
pmx-group --set-perm --group science --user TanyaH --permission help --value off 
pmx-group --set-perm --group science --user TanyaH --permission quarantine.actions --value off
pmx-group --set-perm --group science --user TanyaH --permission quarantine.actions.approve --value off
pmx-group --set-perm --group science --user TanyaH --permission quarantine.actions.delete --value off
pmx-group --set-perm --group science --user TanyaH --permission quarantine.actions.forward --value off
pmx-group --set-perm --group science --user TanyaH --permission --value off 
pmx-group --set-perm --group science --user TanyaH --permission --value off   
pmx-group --set-perm --group science --user TanyaH --permission quarantine.preview.attachments --value off
pmx-group --set-perm --group science --user TanyaH --permission --value off
pmx-group --set-perm --group science --user TanyaH --permission quarantine.preview.content --value off
pmx-group --set-perm --group science --user TanyaH --permission --value off
pmx-group --set-perm --group science --user TanyaH --permission quarantine.preview.source --value off
pmx-group --set-perm --group science --user TanyaH --permission quarantine.preview.status --value off
pmx-group --set-perm --group science --user TanyaH --permission quarantine.reason.blacklisted --value off
pmx-group --set-perm --group science --user TanyaH --permission quarantine.reason.spam --value off
pmx-group --set-perm --group science --user TanyaH --permission quarantine.reason.virus --value off
pmx-group --set-perm --group science --user TanyaH --permission reports --value off

The permissions are disabled for the specified users.

The pmx-group command is also used to view permissions for a specific group/administrator pair. For example, you can view the complete list of permissions that the user “TanyaH” has for the “business” group by running the following command:

pmx-group --view-perm --group business --user TanyaH

For additional information, see “Setting Group Access Rights” and “Viewing Group Access Rights”.

You have completed the tutorial. The groups you created can now be administered according to the roles and permissions you defined.