Storage - Security

Each store is associated with its own security permissions that are used to determine which users can access it (via. search options) and what level of access those users have.

By default when a store is created, the user creating the store has access to Everyone’s email messages. All other users have access to only their own messages. However, access permissions can be defined with as much or as little granularity as required - for example, you can grant specified users access to all messages in the store, just their own messages in the store, all messages for a specified Active Directory group (and/or group members), a specific email address, etc. (to see all options click here).

These permissions are defined on the security tab:

Store - Security

Here, users, groups or organizational units (OUs) are added in the left-hand pane and then their access permissions are added in the right-hand pane. If required, you can also edit or remove existing permissions.

An organizational unit is an Active Directory container into which users, groups, computers, and other organizational units can be placed.

Adding a user, group, organizational unit or everyone

To add permissions for a store, you should first add the required user, group or organizational unit for whom permissions will be set. Alternatively, you can choose to add everyone. To do this, select the appropriate item from the add menu:

Add user, group, OU or eveyone

Selecting a user, a group or organizational unit will display a selection window. For example, choosing to add an OU displays the Active Directory Container window:

Active Directory Containers

Simply navigate the selection window and select the required entry (choosing to add everyone simply adds this entry to the left-hand pane, without opening a selection window). Having added required users, groups and OUs, select each entry in turn and add required permissions.

Adding or updating access permissions

To set permissions for a user, a group or organizational unit (or for everyone), select the required entry in the left-hand pane; this activates options in the right-hand pane:

Add permissions

In some cases, suggested permissions are automatically added. For example, when everyone is added to the left-hand pane, default access permissions are set to self in the right-hand pane - i.e. everyone should have access to their own emails in the store.

To add permissions, click the add option (at the top of the right-hand pane) to open the store access permissions window and set required permissions for the selected entry:

Add Permissions

These options are summarized below:

Option	The Selected User Will Have Access To...
Self	Only to their own email messages in this store.
Everyone	All email messages in this store.
User	Any email messages in this store sent or received by the selected Active Directory user (use the [...] button to browse and select the required user).
Group	Any email messages in this store sent or received by the group in the store. Choose from: Groups only. The selected entry can access email messages sent to/from the selected group name (use the [...] button to browse and select the required group) Group and members. The selected entry can access email messages for any members within the selected group and email messages which are sent to/from the group name (use the [...] button to browse and select the required group)
Members of this OU	Any email messages in this store for members of the selected organizational unit (use the [...] button to browse and select the required organizational unit).
Contact	Any email messages for a specified contact - i.e. an external party who has been added to the Active Directory as a contact (for example, a supplier).
Email Address	Any email messages sent to or from a specified email address.

Editing existing permissions

To edit permissions that have already been defined for a user, a group or organizational unit (or for everyone), select the required entry in the left-hand pane. Any existing permissions for the selected entry are displayed in the right-hand pane. From here, simply select the required permission and click the edit button (at the top of the right-hand pane) to open the store access permissions window and make required adjustments.

Note that any changes made do not take effect until the save option is chosen (at the top of the console). Alternatively choose cancel to abandon all changes.

Removing permissions

To remove permissions that have already been defined for a user, a group or organizational unit (or for everyone), select the required entry in the left-hand pane. Any existing permissions for the selected entry are displayed in the right-hand pane - simply select the required permission and click the delete icon (the red cross at the top of the right-hand pane).

Alternatively, you can entirely remove a user, a group, an organizational unit or an everyone entry. To do this, select the required entry in the left-hand panel and click the delete icon (the red cross at the top of the left-hand pane).