Communication Server
Security Setup Guide
CommWorks Ready
Part Number 10031370
Download from Www.Somanuals.com. All Manuals Search And Download.
Communication Server
Security Setup Guide
CommWorks Ready
Part No. 10031370-01
Published November 2000
Download from Www.Somanuals.com. All Manuals Search And Download.
3Com Corporation
5400 Bayfront Plaza
Santa Clara, California
95052-8145
3COM CORPORATION (hereinafter “3Com”) LIMITED USE SO.TWARE LICENSE AGREEMENT
READ CARE.ULLY: By exercising Licensee’s rights to make and use copies of the SO.TWARE (as may be
provided for below), Licensee agrees to be bound by the terms of this license agreement. I. LICENSEE DOES
NOT AGREE TO THE TERMS O. THIS AGREEMENT, PROMPTLY RETURN THIS PACKAGE TO THE PLACE .ROM
WHICH LICENSEE OBTAINED IT .OR A .ULL RE.UND.
LICENSE AND PROTECTION
LICENSE GRANT. 3Com grants to the End User (hereinafter “Licensee”) and Licensee accepts subject to the
following terms and conditions, a nonexclusive, nontransferable right to use the accompanying copy of the
Software limited to the number of communication ports licensed for fax or data exchange. A
communication port can be accessed and used by only one network user at any one time; however, all
network users have concurrent single user access. Should 3Com determine that Licensee is in Breach of said
license, Licensee agrees to return the original and all other copies of the Software and Documentation to
3Com. 3Com reserves all rights not expressly granted to Licensee.
PROTECTION O+ SO+TWARE.
Licensee agrees to take all reasonable steps to protect the Software and documentation from unauthorized
copying or use. Without limiting any remedies or relief, which may be available to 3Com, Licensee agrees to
pay 3Com for additional licenses if Licensee uses the Software on more than the licensed number of
communication ports or in any way beyond the scope of this License.
COPIES.
All server and client executable files are contained on the single CD received with this License. Licensee may
make one new copy of the client component of the software per client on the network provided that this
new copy is created as an essential step in the deployment of the Software and is used in no other manner,
or is for archival purposes only to backup use of the Software. All proprietary rights notices must be
faithfully reproduced and included on such copies. Licensee may not copy the documentation unless for use
by network clients as a step in the deployment of the Software, and for no other reason.
OWNERSHIP.
Ownership of, and title to the Software and Documentation (including any adaptation or copies) shall be
held by 3Com. Copies are provided to Licensee only to allow Licensee to exercise its rights under the License.
TRANS+ER O+ LICENSE.
Licensee may transfer this License to another person or entity with the prior written approval of 3Com.
3Com shall not unreasonably withhold approval if Licensee advises 3Com in writing of the name and
address of the proposed transferee and the transferee agrees to be bound by this Agreement. If the License
transfer is approved, Licensee must transfer all copies of the Software and documentation including the
original copies provided in this package and any copies Licensee has legally made.
TERM.
This Agreement is effective from the date Licensee opens this package, and shall remain in force until
terminated. Licensee may terminate this License at any time by destroying the Documentation and the
Software together with all copies. This Agreement shall also automatically terminate if Licensee breaches
any of the terms or conditions of this Agreement. Licensee agrees to destroy the original and all copies of
the Software and Documentation, or to return such copies to 3Com upon termination of this license.
LICENSE AUTHENTICATION.
Use of each Server license is authorized for an initial 30 calendar days providing all licenses are authenticated
by 3Com to allow for continued operation beyond these initial 30 days. If the Server license is not
authenticated within the initial 30 days of operation, on the 31st day, it will cease to transmit and cease to
forward or print received faxes. License Authentication Procedure is described in the ‘Getting Started Guide’
included with this CD.
LIMITED WARRANTY AND LIMITED LIABILITY.
Authentication. Licensee will automatically lose all rights under this Limited Warranty unless Licensee
initiates and completes the License Authentication Procedure promptly, completely, and accurately and
return it to 3Com within 30 days of installing and executing the Server Software.
Download from Www.Somanuals.com. All Manuals Search And Download.
Compatibility. The Software is only compatible with certain personal computers. The Software may not be
compatible with and is not warranted for non-compatible systems. Call 3Com Customer Support for
information on compatibility.
Diskettes and Documentation. 3Com warrants that if the enclosed magnetic diskettes, CD-ROMs or other
media or Documentation are in a damaged or physically defective condition at the time that the License is
purchased and if they are returned to 3Com (postage prepaid) within 90 days of purchase, then 3Com will
provide Licensee with replacements at no charge.
Software. 3Com warrants that if the Software fails to substantially conform to the specifications in the
Documentation and if the nonconformity is reported in writing by Licensee to 3Com within ninety (90) days
from the date that the License is purchased, the 3Com shall use commercially reasonable efforts to remedy
the nonconformity or at its option refund the purchase price.
DISCLAIMER O+ WARRANTIES.
3Com makes no warranty, representation or promise not expressly set forth in this agreement. 3Com
disclaims and excludes any and all implied warranties of merchantability and fitness for particular purpose.
3Com does not warrant that the software or documentation will satisfy its requirements or that the software
and documentation are without defect, omission or error or that the operation of the software will be
uninterrupted. This limited warranty gives Licensee specific legal rights.
LIMITATION O+ LIABILITY.
3Com’s aggregate liability arising from or relating to this agreement or the Software or documentation is
limited to the total of all payments made by or for Licensee for the license. 3COM SHALL NOT IN ANY CASE
BE LIABLE .OR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, INDIRECT OR PUNITIVE DAMAGES EVEN I.
3COM HAS BEEN ADVISED O. THE POSSIBILITY O. SUCH DAMAGES. 3COM IS NOT RESPONSIBLE .OR
LOST PRO.ITS OR REVENUE, LOSS O. USE O. THE SO.TWARE LOSS O. DATA COSTS O. RECREATING LOST
DATA, THE COST O. ANY SUBSTITUTE EQUIPMENT OR PROBLEM, OR CLAIMS BY ANY PARTY OTHER THAN
LICENSEE.
SOLE REMEDY AND ALLOCATION O+ RISK.
Licensee’s sole and exclusive remedy is set forth in this agreement. This agreement defines a mutually
agreed-upon allocation of risk and 3Com’s prices and fees reflect such allocation of risk.
GENERAL CONDITIONS.
Governing Law. This agreement shall be governed by, and interpreted in accordance with the laws of the
state of Illinois.
Entire Agreement. This agreement sets forth the entire understanding and agreement between Licensee
and 3Com and may be amended only in writing signed by both parties. No vendor, distributor, dealer,
retailer, sales person or other person is authorized to modify this agreement or to make any warranty,
representation or promise which is different than, or in addition to the representations or promises of this
agreement.
Waiver. No waiver of any right under this agreement shall be deemed effective unless contained in writing
signed by a duly authorized representative of 3Com, and no waiver of any past or present right arising from
any breach of or failure to perform shall be deemed to be a waiver of any future right arising under this
agreement.
Severability. If any provision in this agreement is invalid or unenforceable, that provision shall be construed,
limited, modified or, if necessary severed, to the extent of necessary to eliminate its invalidity or
unenforceability, and the other provisions of this agreement shall remain unaffected.
DE+INITIONS.
“3Com” means 3Com Corporation and its subsidiaries, a company with offices in Mount Prospect, Illinois.
“Licensee” means the person or business entity that purchased this license to use this software or for the
end user for whom such license was purchased.
“Software” means the computer programs provided in the accompanying package.
“Communication port” means a single modem or serial port device attached to a personal computer serial
port, the use of which is allowed through the network, by any other network node or machine, locally or
remotely attached - and controlled by the software. Only one personal computer can access, load and
execute the software at any given time for each licensed communication port. The software shall not be
loaded on different/additional local area networks or internetworks. Different/additional networks must
have separate additional licenses.
Download from Www.Somanuals.com. All Manuals Search And Download.
“Documentation” means all guidebooks - either in printed or electronic format - and any other printed
material provided by 3Com with the software.
“License” means the license purchased and granted in this agreement.
LICENSE AUTHENTICATION PROCEDURES are described in the ‘Getting Started Guide’ accompanying this
license. To protect our licenses and Licensee’s assurance of exceptional customer and technical services,
each license on a machine running 3Com Server software must be authenticated. .or Licensee’s
convenience, Licensee can authenticate Licensee’s license via fax, phone or email.
The information required for authentication is stored in the server in a file called REGISTER.TXT. Please allow
five days for authentication.
YEAR 2000 IN+ORMATION:
.or information on Year 2000 compliance and 3Com products, visit the 3Com Year 2000 web page: http://
Download from Www.Somanuals.com. All Manuals Search And Download.
CONTENTS
Year 2000 Compliance .........................................................................................................x
Pre-Defined User Groups............................................................................................. 1-5
Sorting Security Information........................................................................................ 2-2
Setting Up Security Permissions................................................................................... 2-8
Download from Www.Somanuals.com. All Manuals Search And Download.
viii
Download from Www.Somanuals.com. All Manuals Search And Download.
ABOUT THIS GUIDE
This chapter covers security issues over the network, assigning rights and
permissions to users.
If release notes are shipped with your product and the information there differs
from the information in this guide, follow the instructions in the release notes.
Most user guides and release notes are available in Adobe Acrobat Reader
Portable Document .ormat (PD.) or HTML on the 3Com World Wide Web site:
Conventions
Table 1 Notice Icons
Icon
Notice Type
Description
Information note Information that describes important features or
instructions
Caution
Information that alerts you to potential loss of data or
potential damage to an application, system, or device
Convention
Description
Screen displays This typeface represents information as it appears on the
screen.
Syntax
The word “syntax” means that you must evaluate the syntax
provided and then supply the appropriate values for the
placeholders that appear in angle brackets. Example:
To enable RIPIP, use the following syntax:
SETDefault !<port> -RIPIP CONTrol =
Listen
In this example, you must supply a port number for <port>.
Commands
The word “command” means that you must enter the
command exactly as shown and then press Return or Enter.
Commands appear in bold. Example:
To remove the IP address, enter the following command:
SETDefault !0 -IP NETaddr = 0.0.0.0
The words “enter”
and “type”
When you see the word “enter” in this guide, you must type
something, and then press Return or Enter. Do not press
Return or Enter when an instruction simply says “type.”
Download from Www.Somanuals.com. All Manuals Search And Download.
x
CHAPTER : ABOUT THIS GUIDE
Convention
Description
Keyboard key names If you must press two or more keys simultaneously, the key
names are linked with a plus sign (+). Example:
Press Ctrl+Alt+Del
Words in italics
Italics are used to:
I
Emphasize a point.
I
Denote a new term at the place where it is defined in the
text.
I
Identify menu names, menu commands, and software
button names. Examples:
.rom the Help menu, select Contents.
Click OK.
Year 2000 Compliance
.or information on Year 2000 compliance and 3Com products, visit the 3Com
Year 2000 Web page:
Download from Www.Somanuals.com. All Manuals Search And Download.
INTRODUCING SECURITY
1
This chapter explains how security works and what functions it performs. It also
provides reference information on pre-defined user groups, all permissions
and permission definitions.
Introduction
The organization of this guide follows the concepts and steps required to set up
security. .ollow the steps in this guide exactly to achieve the best results and
ensure the fewest problems.
After setting up the server and adding users, use the security module. Security
works with the existing trustee hierarchy (server supervisors, account supervisors,
administrators, managers and users) and allows you to specify permissions for
individuals (users), accounts and groups.
The Nature of Objects Documents are objects that are stored in the fax server that may be accessed by
users for faxing. Cover pages, telephone lists and attachments are objects. User
profiles and modems are also objects.
Permissions and Objects
Permissions determine who can do what to each object.
The security permissions for server supervisors are fixed. You cannot change the
permissions nor delete the user group. This ensures that the server always has
someone that can work with users, Server Setup and Security permissions.
When the server supervisor creates a new user, the user is assigned to an account
under an account manager by the server supervisor. Once assigned to an account,
the server supervisor assigns some control over the user to the account supervisor.
+unctions of Security
Security allows you to:
I
Create accounts for users and objects (such as modems, cover pages and
phonebooks)
I
I
Create Groups of users and objects
Set the permissions owned by users, user accounts and user groups, to access
specific objects and object groups.
Some examples of permissions to access a modem include:
I
I
I
Monitor the status of the modem
Reset the modem
Pause/Resume modem activity
Download from Www.Somanuals.com. All Manuals Search And Download.
1-2
CHAPTER 1: INTRODUCING SECURITY
A complete description of all possible permissions appears in the “Security Objects
and Permissions” section later in this chapter.
A permission can be:
I
I
I
Granted—you can do the action
Denied—you cannot do the action
Inherited—you can or cannot do the action based on the permissions defined
for your group
I
Irrevocable—you can do the action and the permission cannot be denied.
Accounts An “account” does for CommWorks IP .ax Solutions roughly what a “domain”
does for Windows NT. Here are some attributes of accounts:
I
I
I
Each account contains one or more users
Every user belongs to one account
Users have more rights to things that belong to their own account, than they
do to things that belong to other accounts. .or example, a user might have
read-access to a public phonebook created by another user who belongs to the
same account, but would have no access to phonebooks created by users who
belong to a different account.
I
Each account has its own administrator. Administrators have all-powerful
privileges to things (e.g. end-users and fax-jobs) which belong to their own
account, but no privileges to things that belong to another account.
Groups Setting up and managing security is easier when objects and users are grouped.
Create groups of users to assign similar permissions. .or example, you might have
a Sales User group that has permission to use the same fax port device.
Create groups of objects to assign users similar permissions to use tham. .or
example, a subset of modems called Sales might be accessable only by members
of the Sales User group.
Positive and Negative Grant permission to do something (positive) or deny permission to do something
Security Permissions (negative). The following is an example of a negative permission:
Assume that All +ax Users have permission to use and monitor fax port
number 2. Sales users are to use this port, but are not to monitor it. In this
Download from Www.Somanuals.com. All Manuals Search And Download.
Security Glossary
1-3
case, simply remove permission from the Sales User group to deny them
access to monitoring feature of fax port 2. All other user groups, except
those belonging to the sub-group Sales User, can still monitor the modem.
This illustrates that user groups with similar permissions can be modified, allowing
greater control.
Security Glossary
Irrevocable Permission—A permission that is granted to users because they
belong to a pre-defined group with permissions that cannot be changed. The
server supervisor, account supervisors, CommWorks IP .ax Solutions manager,
CommWorks IP .ax user and Assistant groups all have irrevocable permissions.
Default Permission—A permission that is granted to users because they belong
to a pre-defined group with the permissions. The difference between default
permissions and irrevocable permissions is that you can change Default
Permissions.
Owned By Self—Any object that users can create or is owned by them has a
group labeled “Owned By Self”. This group gives the creator or owner of an
object more permissions for objects they own than for objects that are owned by
other people. Some objects that users create are faxes, attachments and cover
pages. Some objects users own are received faxes and their user profile.
Member—Each group of users or objects can have members. Members are
individuals or sub-groups that belong to a group.
List—Users with the list permission can see that the object or user exists, although
they may not be able to use it. Generally, the user or User group must have this
permission before they are granted another permission for the object. .or
example, a user that has the Use Attachment permission without the List
Attachment permission will never see the attachment to select it; therefore, the
user cannot ‘use’ the attachment.
Account #— Every user belongs to one account. Accounts are named using
account numbers (Account #’s). The Account # to which each user belongs is
displayed in the “User Properties” dialog. Properties for these Account #’s are also
Download from Www.Somanuals.com. All Manuals Search And Download.
1-4
CHAPTER 1: INTRODUCING SECURITY
set up here. There are two states of an Account # in reference to a user. The
Account # is either Active or .orwarded.
Table 1-1 Icon List—Object Icons
Icon
Name
Icon
Name
Server
Modems
Attachments
Cover Pages
Phonebooks
User Profiles
Account #’s
Fax Jobs
Server Setup
Users
Folders
Table 1-2 Icon List—Permission Icons
Icon
Name
Icon
Name
Granted permission
that was inherited.
Deniedpermission
that was inherited.
Granted permission
that was explicitly
given.
Deniedpermission
that was explicitly
refused.
Granted permission
that cannot be
denied.
Adding Members to There are six pre-defined user groups; server supervisors, account supervisors,
Pre-Defined User Groups managers, .ax Administrators, and CommWorks IP .ax users.
Use the Security module to add, authenticate and define new users.
Assistants also have irrevocable permissions, however, since the assistant's
permissions depend on another user’s permissions the assistant user level is not
listed as a pre-defined User group. Assistants have the same permissions to fax
jobs as the user they assist.
Download from Www.Somanuals.com. All Manuals Search And Download.
Security Glossary
1-5
If you are satisfied with the pre-defined User groups and their permissions, you
may not need to use this security module at all (except to add new users). .or
more information on the permissions for pre-defined groups, see the following
section, “Pre-Defined User Groups”.
Pre-Defined User Groups There are six pre-defined User groups with default permissions. You cannot
remove any of the pre-defined groups or change the irrevocable permissions.
However, you can change the default permissions for any pre-defined User group.
The only users without default permissions (they only have irrevocable
permissions) are server supervisors, account supervisors and Assistants.
Assistants can perform the same actions on fax jobs as the person they assist. They
are not included in security because their permissions are completely dependent
on the person they assist.
Pre-defined User groups provide the structure for the security module. This section
discusses the pre-defined User groups and explains their default and irrevocable
permissions.
If you want to add and remove members for the pre-defined User groups, you can
do so using the User Properties dialog.
In addition to the pre-defined groups and their permissions, you can add individual
members to sub-groups and set up permissions for the sub-groups to meet your
company specific requirements. .or more information on sub-groups, see Chapter
options. later in this guide.
Irrevocable Permissions
Members that belong to the following pre-defined groups have certain irrevocable
permissions:
I
I
I
I
I
Server Supervisors
Account Supervisors
CommWorks IP .ax Managers
CommWorks IP .ax Users
Assistants
Irrevocable permissions cannot be changed.
Groups
Server Supervisors Members of this group have all irrevocable permissions for
all objects, including:
I
I
I
Add Users
Control server set up
Set up security
Download from Www.Somanuals.com. All Manuals Search And Download.
1-6
CHAPTER 1: INTRODUCING SECURITY
Server supervisors cannot create fax jobs unless they also belong the 'ax Users
group.
Account Supervisors Account supervisors are created to provide added security
for individuals who need it. Defined properties of accounts might prevent server
supervisors (who create users) from viewing faxes, which are created by users in a
specific account.
The account structure supports three scenarios:
1 Non-ISP and non-V.N (identical to previous versions of CommWorks IP .ax)
One company owns the fax server, and all users of the server are employees of
that company. In this case, you might have just one account (i.e. the default
“Account #1”). All users belong to the one account and the server supervisor
might be the same person as the account administrator.
2 One ISP with several corporate clients
In this new scenario, the server is owned by an ISP. The ISP has several clients. Each
client is a corporation with several users.
3 The server supervisor is an employee of the ISP and is able to create new accounts
(i.e. add new corporate clients to the ISP's server). The server supervisor need not
be an administrator in these new accounts. Therefore, the server supervisor would
not need to view faxes owned by the various corporate client-accounts.
4 The account administrator for each account would be an employee of each
corporate client. The account administrator would therefore be able to administer
faxes, which are owned by that corporation, and able to administer the users
which are employees of that corporation. Each account administrator has no
authority over things, which belong to other accounts, nor authority over the
global Server Setup settings. These would be controlled by the server supervisor.
Each account administrator would also be responsible for adding new users to
their own accounts. It is important that this job of adding extra users to the
account should belong to the account administrator (an employee of the
corporate client), and not to the server supervisor (an employee of the ISP).
5 One ISP with many individual (home/end-User) clients
This scenario is similar to 2), except that each account contains only end-user.
CommWorks IP ꢀax Managers Members of this group have all irrevocable
permissions for all objects that are owned by the users that they manage,
including:
I
I
I
I
I
I
.ax jobs
Attachments
Cover pages
Phonebooks
.olders
User profile definition
Download from Www.Somanuals.com. All Manuals Search And Download.
Security Glossary
1-7
CommWorks IP ꢀax Users Members of this group have irrevocable permissions
to create fax jobs. You must belong to this group to create fax jobs.
Assistants Members of this group can do the same actions to fax jobs as the
person they assist.
Default Object Permissions
This section lists the permissions, by object, which all users have by default. .or
more information on what each permission means, see Permission Definitions by
Object later in this chapter.
All Attachments All users can List, View and Use attachments. Users have all
permissions to their own attachments (All Attachments Owned By Self).
Although network attachments are controlled here, attachments saved into
network subfolders are controlled by the 'older Permissions.
All Cover Pages All users can List, View and Use cover pages. Users have all
permissions to their own cover pages (All Cover Pages Owned By Self).
All ꢀax Jobs All users can have their faxes paused for review by their manager
when defined on the server (Authorize Send). Users have all permissions to their
own fax jobs (All .ax Jobs Owned By Self).
All ꢀolders All users can list the folder as well as view faxes, add faxes and
delete faxes from a folder. Users have all permissions to their own folders (All
.olders Owned By Self).
Attachments that are saved into network subfolders are controlled here instead of
using Attachment Permissions.
All Phonebooks All users can list and send a fax to a phonebook (either the
entire phonebook or a phonebook recipient). All users can also view, edit, add and
delete phonebook recipients. Users have all permissions to their own phonebooks
(All Phonebooks Owned By Self).
All User Profiles Users have no default permissions to All user Profiles.
However, users can list and view their own user profile.
Server Setup Users have no default permissions to Server Setup.
All 'Objects' Owned By Self .or each object, that users can create or own
there is a pre-defined object group:
I
I
I
I
I
All Attachments Owned by 'Self'
All Cover Pages Owned by 'Self'
All .ax Jobs Owned by 'Self'
All .olders Owned by 'Self'
All Phonebooks Owned by 'Self'
Download from Www.Somanuals.com. All Manuals Search And Download.
1-8
CHAPTER 1: INTRODUCING SECURITY
I
User Profile Owned by 'Self'
This group allows the creator of an object additional permissions for it. You can
change these permissions as needed. .or more information on the default
permissions users have for objects Owned By Self, see the previous section. .or an
example of how to change permissions on an Owned by Self group, see Chapter 3
Security Permission Examples.
Security Objects and The following lists each server object and the permissions you can set up for it. .or
Permissions each object type, you can have both groups and individual objects with their own
security permissions.
You can use this list when planning the type of security your company requires.
Permission Dependencies
Some permissions depend on other granted permissions before they can work. If
you have a permission to use, edit or remove something, you require the
appropriate List Permission before you can do so. The List Permission allows you to
see that the object exists. .or example, if you can Use all cover pages, but you do
not have the List Permission for cover pages, there will never be a cover page
visible to select.
Another dependency appears when you want to view or change a dialog that is
accessed from the User Properties dialog, such as User Preferences. You cannot
access the User Properties dialog without the granted permission to View.
Permission Definitions by Object
This section lists actions that can be taken on objects and provides a brief
definition. Permission is required before the action can be carried out.
Attachment Permissions
Attachment Permissions control attachments saved to the network folder. If the
Attachment is saved to a network subfolder, you must use the 'older Permissions
to control access.
Delete Attachment—Remove an Attachment from a network location using the
Attachments window.
List Attachment—See the Attachment in the list of existing attachments from the
Attachments window and .ax Send dialog. Other Attachment Permissions are only
useful when you have the List Permission.
Use Attachment—Send the Attachment with outbound faxes on the .ax Send
dialog.
View Attachment—View the Attachment contents from the Attachments window.
Cover Page Permissions Delete Cover Page—Remove a cover page from the
server location using the .ax Send dialog.
Download from Www.Somanuals.com. All Manuals Search And Download.
Security Glossary
1-9
List Cover Page—See that the cover page exists in the list of cover pages using the
.ax Send dialog. Other Cover Page Permissions are only useful when you have the
List Permission.
Use Cover Page—Send the Cover Page with outbound faxes from the .ax Send
dialog.
View Cover Page—View the Cover Page contents using the Cover Page Editor.
+ax Job Permissions
Authorize Send—.axes are automatically paused by the server if the Activate
Manager Send option is enabled on the Server Dialing dialog and the user has a
manager defined in the Manager field on the User Properties dialog.
Copy to Another User—Send another user a copy of a received fax using the
Move to User dialog.
Delete +ax Job—Remove a fax from the Send Log or Receive Log.
List +ax Jobs—See that the fax exists from the Send Log or Receive Log. Other
.ax Job Permissions are only useful when you have the List Permission.
Move to Another User—Move the fax to another user by changing the fax's
owner or routing a received fax to another user.
Pause +ax Job—Pause a fax from the Send Log.
Purge +ax Job—Permanently remove faxes marked as deleted from the Send Log
or Receive Log.
Resubmit—Change and resend a fax from the Send Log or Receive Log.
Unpause (Resume) +ax Job—Resume a fax that is currently paused from the
Send Log.
View All Pages—View all pages of a fax in the .ax Image Viewer.
View +irst Page—View the first page of a fax in the .ax Image Viewer.
ꢀolder Permissions
'older Permissions also affect attachments when the attachment is saved into a
network subfolder. Only attachments saved into the main network folder are
controlled by Attachment Permissions.
Add To +older—Add a fax to a folder in the Send Log or Receive Log window.
Delete Entire +older—Remove a folder and its contents from the .older menu.
Delete +rom +older—Remove a fax from a folder from the .older menu.
List +older—See that the folder exists from the Send or Receive Logs. Other
.older Permissions are only useful when you have the List Permission.
Download from Www.Somanuals.com. All Manuals Search And Download.
1-10 CHAPTER 1: INTRODUCING SECURITY
Rename +older—Change the folder's name from the .older Properties dialog.
View +rom +older—View a fax from the folder in the .ax Image Viewer.
Phonebook Permissions
Add to Phonebook—Add a recipient to a phonebook or phonebook group on
the Phonebooks window.
Delete Entire Phonebook—Remove the phonebook and all its contents from the
Phonebook window. This permission also allows you to Pack and Reindex the
phonebook, purging all recipient's marked as deleted and allowing the program to
read the phonebook faster.
Delete Phonebook Item—Remove a recipient from the phonebook or
phonebook group from the Phonebook window.
Edit Contents—Change the recipient information for the phonebook or
phonebook group using the Edit Recipient dialog.
List Phonebook—See that the phonebook exists in the Phonebook window and
.ax Send dialog. Other Phonebook Permissions are only useful when you have the
List Permission.
Rename Phonebook—Change the name of the phonebook or phonebook
group in the Phonebook window.
Send To Phonebook—Use the phonebook, phonebook group or individual
phonebook recipients when addressing faxes using the .ax Send dialog.
View Contents—View the detailed recipient information from the phonebook or
phonebook group using the Edit Recipient dialog.
User Profile Permissions
Delete User—Remove a user from the server from the Security Setup window.
Edit Pre-Defined Groups—Change someone's user level, meaning to add or
remove the user to or from the following pre-defined groups:
I
I
I
I
I
Server Supervisor
Account Supervisor
.ax Manager
.ax Administrator
.ax User
This permission also allows you to change a user's manager and define an
Assistant.
Edit User Preferences—Change the preferences for the user from the User
Preferences dialog.
Edit User Profile—Change the fields on the User Properties dialog for the user.
Download from Www.Somanuals.com. All Manuals Search And Download.
Security Glossary 1-11
Edit User's Phonebook Entry—Change the phonebook entry information for
the user from the user's Phonebook Entry dialog.
List User—See that the user exists on the Authorized Users dialog. Other user
permissions are only useful when you have the List Permission.
View User Profile—View the user Properties dialog for the user.
Server Setup
Users with this permission can ꢀ
Edit Dialing Restrictions—Change the dialing restrictions for the user from the
Dialing Restrictions dialog.
Create New Users—Add new users to the server using the Add Users dialog.
Edit Auto-Routing Table—Create, change and remove entries on the
Auto-Routing Table.
Monitor Server Status—View the .ax Server Monitor dialog.
Pause/Resume all Server Modems—Pause and Resume all .ax modems on the
server from the .ax Server Monitor dialog.
View/Edit Security Setup—Display and change groups and permissions using
the Security module. server supervisors have irrevocable permissions to this option.
If users or members of other pre-defined groups want to use this option, they can
only change their own permissions or the permissions of those they manage (for
.ax managers).
View/Edit Server Setup—Display and change the Server Setup dialog and all its
options.
Download from Www.Somanuals.com. All Manuals Search And Download.
Download from Www.Somanuals.com. All Manuals Search And Download.
WORKING WITH SECURITY
2
This chapter explains how to use the security module to create groups and edit
permissions.
Starting Security
The example below will use the Server Administrator button menu to work with
security features. Access is also available from the fax client screen.
To start the Security Setup window, the fax server must be running.
1 .rom the Microsoft Start button, click Programs.
2 Click 3Com Corporation.
3 Click Server Administrator.
4 Connection to the fax server will begin automatically. If connection screens are
configured to Show, press Connect in the Server Connection screen and sign in
with administrator permissions.
5 Click Setup Security from the main options window. The Security Setup screen is
displayed.
+igure 2-1 Security Setup Main Screen
Download from Www.Somanuals.com. All Manuals Search And Download.
2-2
CHAPTER 2: WORKING WITH SECURITY
Sorting Security The Security Setup screen has a command bar at the top. This section will address
Information some of the commands found in this area.
The table below describes commands under the Change item:
Table 2-1 Change Commands
Command Name
Description
Create New Group
Create a new group from the list of group types.
By default, Security is installed with the following types of
object groups:
I
I
I
I
I
I
I
Attachments
Cover Pages
.olders
Modems
Phonebooks
User Profiles
Users
Connect to Server
This command will re-establish the link with the fax server.
If Show connection is enabled, it is possible to connect to a
different server by selecting from the list.
Add New User
Cost Centers
Exit
The Add Users screen appears. Once the user name is
entered, the User Properties screen appears.
If using billing numbers for invoicing, this command will
allow assignment of numbers.
Save all changes and close the Security Setup screen.
The table below describes commands under the Sort item:
Table 2-2 Sort Commands
Command Name
Description
By Users
Use this to view and edit permissions for all user groups and
individual users in relation to the objects they are using.
By Objects
Use this to view and edit permissions for all managed object
groups (for example, modem groups) and individual objects
in relation to the user groups or individual users and how
they use these objects.
This is the default screen.
The table below describes commands under the Window item:
Table 2-3 Window Commands
Command Name
Description
Tile Vertically
When permissions are being changed, an new window is
created next to the main screen.
Tile Horizontally
These two commands change the appearance of the screen
to facilitate data manipulation by the administrator.
Download from Www.Somanuals.com. All Manuals Search And Download.
Starting Security
2-3
Setting Up Accounts In a new installation, two default accounts are created automatically: the account
names are reserved, and are displayed as “Account #1” and “System Account”.
These accounts cannot be deleted.
To view the list of accounts, click the plus sign (+) to expand the All Accounts
folder. Expand the account folders to view a list of account trustees, or users
within that account.
+igure 2-2 All Accounts .older
I
I
“Account #1” is the default account, containing all existing users.
The “System Account” is for User Records which are created automatically
by the server, including accounts on the network that identify remote servers
and database files.
Subsequent new accounts can be established, when a new user is created.
Creating Users and Accounts
A new user is created by the Server Supervisor or the Accounts Supervisor. At the
time when the user is created, it is associated with the same Account as its creator,
or assigned to a new Account. As the first user in a new Account, this person
would be the new Account Supervisor.
To create users manually, follow these steps:
1 Right-click in the white space of the screen.
2 .rom the menu screen, click Add New User. The Add User screen appears:
+igure 2-3 Add User
Download from Www.Somanuals.com. All Manuals Search And Download.
2-4
CHAPTER 2: WORKING WITH SECURITY
3 Enter the user’s name in the field and click Add. The User Properties screen
appears:
+igure 2-4 User Properties
.ields for this screen are described below:
Table 2-4 User Properties .ields
+ield Name
User ID
Description
Settings
User Name
User name appears
automatically.
No settings.
Authentication
Subdirectory
Set in previous screen. No settings.
A folder is created
based on the user’s
name.
No settings.
Unique ID #
A unique number is
generated for this user.
No settings.
Password/Confirm
User’s Machine Name
Permissions
This can be set now or later.
Use this identification if the user will receive alert messages.
Enable as many
Server Supervisor
checkboxes as are
appropriate. Even the
Server Supervisor must Manager
Account Supervisor
be identified as a .ax
User.
.ax Administrator
.ax User
Download from Www.Somanuals.com. All Manuals Search And Download.
Starting Security
2-5
+ield Name
Description
Settings
Active is the default setting.
Account Status
Active: All account
rules apply to this user.
+orwarded: All
inbound faxes and
activity charges will be
forwarded to the
account named in the
+orwarded To field
below.
Long Distance
Use this optional Access: An account number or
section if special codes access number may be required by
are needed to make
long distance calls.
your long distance service provider.
Prefix: Special commands to use
specific hardware devices or to
select outbound telephone lines.
Suffix: Long distance account
number identifier for group or user
tracking.
Cost Center
Identify the cost center By selecting <- New Account ->, a
to which the new user new Cost Center Account is
belongs.
created. The new user is established
as the Account Administrator of this
new account.
Initially, this drop-down
list contains two values:
I
Account#1 (Server
Supervisor belongs)
I
<-New Account->.
Manager
Identify the new user’s To make the new user the manager
manager, if listed.
of this account, click the Manager
checkbox in Permissions. The
name will appear in the list for
subsequent new users.
Billing Code
If billing code is used, it will appear here.
SQL Phonebook Restrictions These fields will not be enabled if the server does not use MS
SQL server as a database.
Phonebook Details
Click this button to inspect the User’s Phonebook Entry
screen. These details will appear in the internal phonebook
for all users.
User Preferences
Click this button to inspect how the user has configured send
priorities and notification methods.
Dialing Restrictions
If this user requires a restriction to be placed on certain
telephone numbers, use the screen behind this button.
ISDN
Maximums
Establish maximum number of pages or maximum size of file
if large fax transmissions need to be restrained.
Download from Www.Somanuals.com. All Manuals Search And Download.
2-6
CHAPTER 2: WORKING WITH SECURITY
Setting Up Groups After manually creating users, creating groups provides structure to the security
configuration. .or example, a separate group may be created for each department
so that the use of attachments, phonebooks or port devices is restricted. Setting
up groups prepares a default setting for each new user in that group. Exceptions
only need individual configuration.
Using groups means that, instead of setting permissions for each user, you can
assign group permissions to individual users. By default, users inherit the
permissions of all the user groups to which they belong.
By grouping objects, the same permissions for the group of objects can be
assigned to users or user groups.
The following procedures will be described below:
I
I
I
I
Creating a User-Defined Group
Managing Groups
Adding and Deleting Members
Deleting a User-Defined Group
Creating a User-Defined Group
1 .rom the Security Setup window right-click a user or object around which you
want create a group.
2 Click Groups.
3 Click Create New Group. The Create New Group dialog appears.
+igure 2-5 Create New Group
4 Select the type of group from the list and name the group. Click OK to open the
Add Members to Group screen:
+igure 2-6 Add Members to Group
Download from Www.Somanuals.com. All Manuals Search And Download.
Starting Security
2-7
5 The Add Members screen opens in a window to the left of the main screen.
Select users one-at-a-time or all at once. Click Add Member! and the names
appear in the expanded groupname folder.
+igure 2-7 Members Added
If you select an inappropriate group type is selected, Security will make an
automatic logic correction.
Managing Groups
At this point, it is important to distinguish the differences between pre-defined
groups and user-defined groups.
Table 2-5 Pre-Defined and User-Defined
Pre-Defined Group
User-Defined Group
Add members at any
time
yes, with Auto-Add
User
yes, with Add
Members!
Delete members at any yes
time
yes
Delete whole group
no
yes
Add Members to an Established User-defined Group
1 .rom the Security Setup dialog, select the group you want to use.
2 .rom the Change menu, select Add Group Members. The Add Members to
3 Select the users from the list and click Add Member! to include them in the list.
Deleting Members
1 In Security Setup, select the group you want to use.
2 Double-click the group to view its members and select the member you want to
remove.
3 .rom the Change menu, click Delete Group Member.
4 The member is removed from the group.
Download from Www.Somanuals.com. All Manuals Search And Download.
2-8
CHAPTER 2: WORKING WITH SECURITY
Deleting a User-defined Group
1 In Security Setup, select the group you want to remove.
2 .rom the Change menu, click Delete Group.
3 The group is removed from the list.
Sub-Groups
Users and objects can belong to more than one group. To view all groups to which
the user or object belongs, follow these steps:
1 Open the Security Setup window.
2 Select the group or individual you want to use.
3 .rom the Change menu, click Groups Which Contain ꢀ The Groups Which
Contain window opens.
+igure 2-8 Groups Which Contain
4 Make note of all groups selected group or individual belongs.
Setting Up Security Add and remove permissions from the Security Setup screen. These permissions
Permissions determine who can do what to each object. Create permissions for individuals or
groups of users.
Whether sorted by user or by object, the result is the same. .or example,
permissions for +ax Users to All Modems are identical to permissions for All
Modems for +ax Users. The permission stays with the user, regardless of where
the permission is created.
The following example starts with the users screen. To view and edit permission
values, follow these steps:
1 With administrator permissions, open the Security Setup window. Select Sort By
Users.
2 Open a user-defined group folder. In the example, Developers.
3 Select an object or object group. In the example, All +ax Jobs.
4 Expand that folder to view all sub-groups. Click one of them. In the example All
+ax Jobs Owned by ‘Self’ was chosen.
Download from Www.Somanuals.com. All Manuals Search And Download.
Starting Security
2-9
5 On the command bar, click Permissions. The Permissions window appears:
+igure 2-9 Object Permissions by User Group
6 This screen shows that all inherited permissions have been transferred to all users
in this group. Change one or two permissions to perform the next step.
+igure 2-10 Changed Permissions
7 Close the ‘Developers’ Permissions screen.
8 Change to Sort by Object.
9 Expand the All +ax Jobs group.
10 Expand the All +ax Jobs Owned by ‘Self’ group.
11 Click Developers.
12 Click Permissions to open the Permissions screen.
+igure 2-11 User Permissions by Object Group
13 The screen should be the same as the previous screen, when sorted by user.
Download from Www.Somanuals.com. All Manuals Search And Download.
2-10 CHAPTER 2: WORKING WITH SECURITY
Dominant Permission
When a user belongs to more than one group with different permissions, or is
individually defined for specific objects, which permission is used?
Rule 1. Individual’s permissions overrule the permissions for a group. An
individual permission overrides a group permission, even if the group permission
changes after the individual member was modified.
Rule 2. Explicit permission overrules inherited permission. So, what happens
when a user belongs to more than one group, and the permissions of one group
grant something while the other denies it?
Here is a fictitious example: Bill Gallagan belongs to the JrSales group and the
Developers group. Here are the inherited permissions for All Attachments for both
groups:
+igure 2-12 ‘All Attachments’ Permissions by User Group
Delete Attachments is permitted in the Developers group and not permitted in
the JrSales group.
Here is what the permissions look like for Mr. Gallagan:
+igure 2-13 ‘All Attachments’ Permissions by User
The negative permission is an overriding factor in this case. There are two ways to
adjust this:
Download from Www.Somanuals.com. All Manuals Search And Download.
Starting Security 2-11
1. Change the permission in this screen. An explicit permission will override a
group-inherited permission.
2. Make a specific group for Sales Attachments. These public attachments are
accessible by all sales persons. Gallagan has permission to delete in this object
group:
+igure 2-14 ‘All Attachments’ Permissions by User
Resetting Security The entire security module can be re-set back to default settings. Resetting is an all
or nothing option, so unless you want to return to the pre-defined settings, you
should use the security module to make corrections.
To reset security and return to the pre-defined setup
1 Stop the fax server if it is running.
2 In Windows Explorer, open the server directory.
3 One of the server's subdirectories is \SECURITY; delete this subdirectory and all the
files it contains.
The next time you run security it will uses the pre-defined setup.
Download from Www.Somanuals.com. All Manuals Search And Download.
Download from Www.Somanuals.com. All Manuals Search And Download.
SECURITY PERMISSION EXAMPLES
3
This chapter shows two example procedures. These samples build on concepts
discussed earlier in this guide.
Sample Sales
Permissions
This sample uses a group of users called SrSales and a group of attachments
called SalesAttachments. This sample explains how to change the permissions so
that only members of the SrSales group can use the attachments in the Sales
Attachments group.
.or more information on creating groups, see Chapter 2, “Working With Security”
in this guide.
Performing the example requires three steps:
1 Remove the SalesAttachments default user permission from the group.
a On the Server Administrator button menu, click Setup Security. The Setup
Security screen is displayed.
b If Sorted by User is displayed, switch to Sorted by Objects.
+igure 3-1 Sort By Objects
c Click the plus sign (+) to the left of All Attachments to expand the folder.
Download from Www.Somanuals.com. All Manuals Search And Download.
3-2
CHAPTER 3: SECURITY PERMISSION EXAMPLES
d Click SalesAttachments to expand the folder. Click Permissions!
+igure 3-2 Default Permissions
e The default permissions for Sales Attachments shows that no permissions are
granted.
2 Grant the Developers group permission to use the attachments in the
SalesAttachments group.
a .rom the Sorted By Objects window, click SalesAttachments.
b Double-click the group to display the users. Select the SrSales group.
c Click Permissions!. Change the Use Attachment permission by clicking it
and clicking Change Permission!.
+igure 3-3 Permission Changed
d The permission is now explicitly and exclusively granted to SrSales.
3 Inspect that permissions are assigned correctly.
a In the Setup Security screen, select Sort by Users.
b Open the Developers folder.
c Open the All Attachments folder and click on SalesAttachments.
Download from Www.Somanuals.com. All Manuals Search And Download.
Sample Sales Permissions
3-3
d Click Permissions! to see that these attachments cannot be used by this
group.
+igure 3-4 Development Permissions
e Open the SrSales group.
f Open the All Attachments folder and click on SalesAttachments.
+igure 3-5 SrSales Permissions
g Click Permissions! to see that these attachments can be used by this group.
Download from Www.Somanuals.com. All Manuals Search And Download.
3-4
CHAPTER 3: SECURITY PERMISSION EXAMPLES
To Change Individual Permissions
1 In the Sorted by Users window, select a user that does not belong to either the
SrSales group or the Server Supervisors pre-defined group. Double-click the
user to display the objects.
Check the groups to which a user belongs by selecting the user and clicking
Groups Which Contain... from the Change menu.
2 Under All Attachments, select Sales Attachments and click Permissions.
3 Make sure the Use Attachment permission is denied.
+igure 3-6 SalesAttachment Permissions
4 Now select a member of the SrSales group.
5 Select SalesAttachments and click Permissions to make sure the Use
Attachment permission is granted.
6 Click the first user again and go to the SalesAttachment item. Click
Permissions!
Download from Www.Somanuals.com. All Manuals Search And Download.
7 Click Change Permissions! to allow this user use of the SalesAttachments.
+igure 3-7 SalesAttachment Permissions Changed
Download from Www.Somanuals.com. All Manuals Search And Download.
Download from Www.Somanuals.com. All Manuals Search And Download.
1
Cover Page Permissions
G
INDEX
Create New Users
A
Account #
Account Status
D
Default Object Permissions
Default Permission
Delete Attachment
Delete Cover Page
Delete Entire .older
Delete Entire Phonebook
Delete .ax Job
Delete .rom .older
Delete Phonebook Item
Delete User
I
Irrevocable Permissions
ISDN
Add To .older
Add to Phonebook
Adding
Adding Members to Pre-Defined User
Groups 1-4
All Attachments
All Cover Pages
All .ax Jobs
All .olders
All Phonebooks
L
List
List Attachment
List Cover Page
List .ax Jobs
List .older
List Phonebook
List User
Dialing Restrictions
E
Edit Auto-Routing Table
Edit Contents
Long Distance
All User Profiles
Assistants
Attachment Permissions
Edit Dialing Restrictions
Edit Pre-Defined Groups
Edit User Preferences
Edit User Profile
Edit User's Phonebook Entry
M
Manager
Maximums
Authentication
Authorize Send
Member
adding to pre-defined User
Groups 1-4
B
Billing Code
Monitor Server Status
Move to Another User
+
.ax Job Permissions
.AXport Managers
.AXport Users
.older Permissions
C
O
Object
conventions
Copy to Another User
Object Icons
Overview
Cost Center
Download from Www.Somanuals.com. All Manuals Search And Download.
2
Security Permissions
Send To Phonebook
View .rom .older
View User Profile
View/Edit Security Setup
View/Edit Server Setup
Viewing
Owned By Self
Owned by Self
Server Setup
Server Supervisors
SQL Phonebook Restrictions
Subdirectory
P
Password/Confirm
Pause .ax Job
Pause/Resume all Server Modems
Permission
T
Permission Example
Permission Icons
Permissions
U
Unique ID #
Unpause (Resume) .ax Job
Use Attachment
Use Cover Page
Phonebook Details
Phonebook Permissions
User Groups
User ID
Positive and Negative Security
Permissions 1-2
User Name
Purge .ax Job
User Preferences
User Profile Permissions
User’s Machine Name
Users
R
Rename .older
Rename Phonebook
Resubmit
V
View All Pages
View Attachment
View Contents
View Cover Page
View .irst Page
S
Security
Security Objects
Download from Www.Somanuals.com. All Manuals Search And Download.
Download from Www.Somanuals.com. All Manuals Search And Download.
3Com Corporation
5400 Bayfront Plaza
P.O. Box 58145
Santa Clara, CA
95052-8145
©2000
3Com Corporation
All rights reserved
Printed in the U.S.A.
Part Number 10031370-01
Download from Www.Somanuals.com. All Manuals Search And Download.
|