Communication Server Security Setup Guide CommWorks Ready Part Number 10031370
3Com Corporation
5400 Bayfront Plaza
Santa Clara, California 95052-8145

3COM CORPORATION (hereinafter 3Com) LIMITED USE SOFTWARE LICENSE AGREEMENT

READ CAREFULLY: By exercising Licensee's rights to make and use copies of the SOFTWARE (as may be provided for below), Licensee agrees to be bound by the terms of this license agreement. IF LICENSEE DOES NOT AGREE TO THE TERMS OF THIS AGREEMENT, PROMPTLY RETURN THIS PACKAGE TO THE PLACE FROM WHICH LICENSEE OBTAINED IT FOR A FULL REFUND.
Compatibility. The Software is only compatible with certain personal computers. The Software may not be compatible with and is not warranted for non-compatible systems. Call 3Com Customer Support for information on compatibility. Diskettes and Documentation.
Documentation means all guidebooks - either in printed or electronic format - and any other printed material provided by 3Com with the software. License means the license purchased and granted in this agreement. LICENSE AUTHENTICATION PROCEDURES are described in the Getting Started Guide accompanying this license. To protect our licenses and Licensee's assurance of exceptional customer and technical services, each license on a machine running 3Com Server software must be authenticated.
CONTENTS

ABOUT THIS GUIDE
    Conventions
    Year 2000 Compliance

1 INTRODUCING SECURITY
    Introduction
    The Nature of Objects
ABOUT THIS GUIDE

This chapter covers security issues over the network, assigning rights and permissions to users. If release notes are shipped with your product and the information there differs from the information in this guide, follow the instructions in the release notes. Most user guides and release notes are available in Adobe Acrobat Reader Portable Document Format (PDF) or HTML on the 3Com World Wide Web site: http://totalservice.3com.
Convention | Description
Keyboard key names | If you must press two or more keys simultaneously, the key names are linked with a plus sign (+). Example: Press Ctrl+Alt+Del
Words in italics | Italics are used to:
    ■ Emphasize a point.
    ■ Denote a new term at the place where it is defined in the text.
    ■ Identify menu names, menu commands, and software button names.
    Examples: From the Help menu, select Contents. Click OK.
1 INTRODUCING SECURITY

This chapter explains how security works and what functions it performs. It also provides reference information on pre-defined user groups, all permissions and permission definitions.

Introduction

The organization of this guide follows the concepts and steps required to set up security. Follow the steps in this guide exactly to achieve the best results and ensure the fewest problems. After setting up the server and adding users, use the security module.
A complete description of all possible permissions appears in the Security Objects and Permissions section later in this chapter.

A permission can be:
■ Granted: you can do the action
■ Denied: you cannot do the action
■ Inherited: you can or cannot do the action based on the permissions defined for your group
■ Irrevocable: you can do the action and the permission cannot be denied.
case, simply remove permission from the Sales User group to deny them access to the monitoring feature of fax port 2. All other user groups, except those belonging to the sub-group Sales User, can still monitor the modem. This illustrates that user groups with similar permissions can be modified, allowing greater control.

Security Glossary

Irrevocable Permission: A permission that is granted to users because they belong to a pre-defined group with permissions that cannot be changed.
set up here. There are two states of an Account # in reference to a user. The Account # is either Active or Forwarded.

Table 1-1 Icon List: Object Icons
Server, Modems, Attachments, Phonebooks, Cover Pages, User Profiles, Account #'s, Server Setup, Fax Jobs, Users, Folders

Table 1-2 Icon List: Permission Icons
Granted permission that was inherited.
Denied permission that was inherited.
If you are satisfied with the pre-defined User groups and their permissions, you may not need to use this security module at all (except to add new users). For more information on the permissions for pre-defined groups, see the following section, Pre-Defined User Groups.

Pre-Defined User Groups

There are six pre-defined User groups with default permissions. You cannot remove any of the pre-defined groups or change the irrevocable permissions.
Server supervisors cannot create fax jobs unless they also belong to the Fax Users group.

Account Supervisors

Account supervisors are created to provide added security for individuals who need it. Defined properties of accounts might prevent server supervisors (who create users) from viewing faxes, which are created by users in a specific account.
CommWorks IP Fax Users

Members of this group have irrevocable permissions to create fax jobs. You must belong to this group to create fax jobs.

Assistants

Members of this group can do the same actions to fax jobs as the person they assist.

Default Object Permissions

This section lists the permissions, by object, which all users have by default. For more information on what each permission means, see Permission Definitions by Object later in this chapter.
■ User Profile

Owned by 'Self'

This group allows the creator of an object additional permissions for it. You can change these permissions as needed. For more information on the default permissions users have for objects Owned By Self, see the previous section. For an example of how to change permissions on an Owned by Self group, see Chapter 3 Security Permission Examples.
List Cover Page: See that the cover page exists in the list of cover pages using the Fax Send dialog. Other Cover Page Permissions are only useful when you have the List Permission.
Use Cover Page: Send the Cover Page with outbound faxes from the Fax Send dialog.
View Cover Page: View the Cover Page contents using the Cover Page Editor.
Rename Folder: Change the folder's name from the Folder Properties dialog.
View From Folder: View a fax from the folder in the Fax Image Viewer.

Phonebook Permissions

Add to Phonebook: Add a recipient to a phonebook or phonebook group on the Phonebooks window.
Delete Entire Phonebook: Remove the phonebook and all its contents from the Phonebook window.
Edit User's Phonebook Entry: Change the phonebook entry information for the user from the user's Phonebook Entry dialog.
List User: See that the user exists on the Authorized Users dialog. Other user permissions are only useful when you have the List Permission.
View User Profile: View the user Properties dialog for the user.
Server Setup Users with this permission can
Edit Dialing Restrictions: Change the dialing restrictions for the user from the Dialing Restrictions dialog.
2 WORKING WITH SECURITY

This chapter explains how to use the security module to create groups and edit permissions.

Starting Security

The example below will use the Server Administrator button menu to work with security features. Access is also available from the fax client screen. To start the Security Setup window, the fax server must be running.

1 From the Microsoft Start button, click Programs.
2 Click 3Com Corporation.
3 Click Server Administrator.
Sorting Security Information

The Security Setup screen has a command bar at the top. This section will address some of the commands found in this area. The table below describes commands under the Change item:

Table 2-1 Change Commands
Command Name | Description
Create New Group | Create a new group from the list of group types.
Setting Up Accounts

In a new installation, two default accounts are created automatically: the account names are reserved, and are displayed as Account #1 and System Account. These accounts cannot be deleted. To view the list of accounts, click the plus sign (+) to expand the All Accounts folder. Expand the account folders to view a list of account trustees, or users within that account.
3 Enter the user's name in the field and click Add. The User Properties screen appears:

Figure 2-4 User Properties

Fields for this screen are described below:

Table 2-4 User Properties Fields
Field Name | Description | Settings
User Name | User name appears automatically. | No settings.
Authentication | Set in previous screen. | No settings.
Subdirectory | A folder is created based on the user's name. | No settings.
Unique ID # | A unique number is | No settings.
Account Status
    Active: All account rules apply to this user. Active is the default setting.
    Forwarded: All inbound faxes and activity charges will be forwarded to the account named in the Forwarded To field below.
Long Distance
    Use this optional section if special codes are needed to make long distance calls.
    Access: An account number or access number may be required by your long distance service provider.
Setting Up Groups

After manually creating users, creating groups provides structure to the security configuration. For example, a separate group may be created for each department so that the use of attachments, phonebooks or port devices is restricted. Setting up groups prepares a default setting for each new user in that group. Exceptions only need individual configuration.
5 The Add Members screen opens in a window to the left of the main screen. Select users one-at-a-time or all at once. Click Add Member! and the names appear in the expanded groupname folder.

Figure 2-7 Members Added

If an inappropriate group type is selected, Security will make an automatic logic correction.

Managing Groups

At this point, it is important to distinguish the differences between pre-defined groups and user-defined groups.
Deleting a User-defined Group

1 In Security Setup, select the group you want to remove.
2 From the Change menu, click Delete Group.
3 The group is removed from the list.

Sub-Groups

Users and objects can belong to more than one group. To view all groups to which the user or object belongs, follow these steps:

1 Open the Security Setup window.
2 Select the group or individual you want to use.
3 From the Change menu, click Groups Which Contain... The Groups Which Contain window opens.
5 On the command bar, click Permissions. The Permissions window appears:

Figure 2-9 Object Permissions by User Group

6 This screen shows that all inherited permissions have been transferred to all users in this group. Change one or two permissions to perform the next step.

Figure 2-10 Changed Permissions

7 Close the Developers Permissions screen.
8 Change to Sort by Object.
9 Expand the All Fax Jobs group.
10 Expand the All Fax Jobs Owned by Self group.
11 Click Developers.
Dominant Permission

When a user belongs to more than one group with different permissions, or is individually defined for specific objects, which permission is used?

Rule 1. Individual permissions overrule the permissions for a group. An individual permission overrides a group permission, even if the group permission changes after the individual member was modified.

Rule 2. Explicit permission overrules inherited permission.
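The precedence rules above can be modelled in a few lines to audit which permission wins for a given user. This is an added example, not code from this guide or from the product. Its assumptions: Principal, resolve and demo are hypothetical names, a missing entry yields no state, and two groups that disagree are reported as a conflict because the rules shown here do not rank one group over another.

```python
GRANTED, DENIED, IRREVOCABLE, CONFLICT = "granted", "denied", "irrevocable", "conflict"

class Principal:
    """A user or a group (hypothetical model; group nesting is assumed acyclic)."""
    def __init__(self, name, member_of=(), explicit=None):
        self.name = name
        self.member_of = list(member_of)      # groups that directly contain this principal
        self.explicit = dict(explicit or {})  # (object, action) -> state set on it directly

def containing_groups(p, seen=None):
    """All groups containing p, directly or through a parent group."""
    seen = {} if seen is None else seen
    for g in p.member_of:
        if g.name not in seen:
            seen[g.name] = g
            containing_groups(g, seen)
    return list(seen.values())

def resolve(p, obj, action):
    """Return (state, reason). Assumed: None if nothing is set, CONFLICT if groups disagree."""
    key = (obj, action)
    # An irrevocable permission cannot be denied, so it is checked first.
    for g in containing_groups(p):
        if g.explicit.get(key) == IRREVOCABLE:
            return GRANTED, "irrevocable via " + g.name
    # Rules 1 and 2: an entry set on the principal itself beats inherited ones.
    if key in p.explicit:
        return p.explicit[key], "explicit on " + p.name
    inherited = {}
    for g in p.member_of:
        state, _ = resolve(g, obj, action)
        if state is not None:
            inherited[g.name] = state
    if not inherited:
        return None, "no entry"
    names = ", ".join(sorted(inherited))
    if len(set(inherited.values())) > 1:
        return CONFLICT, "groups disagree: " + names
    return next(iter(inherited.values())), "inherited via " + names

def demo():
    """Constructed sample data that reuses group names from this guide."""
    fax = Principal("CommWorks IP Fax Users", explicit={("Fax Jobs", "create"): IRREVOCABLE})
    sr = Principal("SrSales", explicit={("SalesAttachments", "use"): GRANTED})
    dev = Principal("Developers", explicit={("SalesAttachments", "use"): DENIED})
    a = Principal("user_a", [dev], {("SalesAttachments", "use"): GRANTED})
    b = Principal("user_b", [sr, dev])
    c = Principal("user_c", [fax], {("Fax Jobs", "create"): DENIED})
    cases = [(a, "SalesAttachments", "use"), (b, "SalesAttachments", "use"), (c, "Fax Jobs", "create")]
    return {u.name: resolve(u, o, act) for u, o, act in cases}
```

Calling demo() returns the winning state and its source for each constructed user, which makes it easy to spot accounts whose access comes from an individual override rather than from group membership.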
1. Change the permission in this screen. An explicit permission will override a group-inherited permission.
2. Make a specific group for Sales Attachments. These public attachments are accessible by all sales persons. Gallagan has permission to delete in this object group:

Figure 2-14 All Attachments Permissions by User

Resetting Security

The entire security module can be re-set back to default settings.
3 SECURITY PERMISSION EXAMPLES

This chapter shows two example procedures. These samples build on concepts discussed earlier in this guide.

Sample Sales Permissions

This sample uses a group of users called SrSales and a group of attachments called SalesAttachments. This sample explains how to change the permissions so that only members of the SrSales group can use the attachments in the Sales Attachments group. For more information on creating groups, see Chapter 2, Working With Security in this guide.
d Click SalesAttachments to expand the folder. Click Permissions!

Figure 3-2 Default Permissions

e The default permissions for Sales Attachments show that no permissions are granted.

2 Grant the Developers group permission to use the attachments in the SalesAttachments group.
a From the Sorted By Objects window, click SalesAttachments.
b Double-click the group to display the users. Select the SrSales group.
c Click Permissions!.
d Click Permissions! to see that these attachments cannot be used by this group.

Figure 3-4 Development Permissions

e Open the SrSales group.
f Open the All Attachments folder and click on SalesAttachments.

Figure 3-5 SrSales Permissions

g Click Permissions! to see that these attachments can be used by this group.
To Change Individual Permissions

1 In the Sorted by Users window, select a user that does not belong to either the SrSales group or the Server Supervisors pre-defined group. Double-click the user to display the objects. Check the groups to which a user belongs by selecting the user and clicking Groups Which Contain... from the Change menu.
2 Under All Attachments, select Sales Attachments and click Permissions.
7 Click Change Permissions! to allow this user use of the SalesAttachments.
3Com Corporation 5400 Bayfront Plaza P.O. Box 58145 Santa Clara, CA 95052-8145 ©2000 3Com Corporation All rights reserved Printed in the U.S.A.