Overview
User accounts can be sorted into groups. Creating user groups allows to assign access rights to groups and use them when defining access rules. It can be useful when configuring user and group restrictions in Traffic rules and Content Filter rules.
You can create either a local user group or map existing groups from a directory service.
Diagnosis
Group rights have a tight connection with User account rights. The person's Individual Rights will always supersede Group Rights in elevation but not a demotion, i.e. you can elevate someone via Group Rights but not demote them. For example:
- If the user has lower rights (i.e. no access to Webadmin) and the assigned group has higher permissions (i.e. Read-only or Full access), the Group rights will have a higher ranking and the user will be able to access the Webadmin.
- If the user has higher rights (i.e. Read-only or Full) and the assigned group has lower permissions (no access), the Individual rights will have a higher ranking and the user will be still able to access the Webadmin.
Solution
- Open the Kerio Control administration interface.
- In section Groups, select Local User Database.
- Click Add.
- On the General tab, enter a group name and the description.
- On Members tab click Add.
- Select users, you wish to add to the group and confirm.
Note: You can also go to Users and select a group in the user's settings.
- On tab Rights, you can configure access rights for this group. It includes both Administration and additional rights, such as unlocking Content Filter rules, controlling dial-up lines, and connecting through VPN.
- Save the settings.
Confirmation
The group is added to the Group list. It can be edited or removed if no longer needed.