77.3 Controlling Access to GroupWise Web

The Access Control settings for GroupWise Web enable you to allow or deny logins of GroupWise users and resources to the GroupWise Web platform. These settings are managed in the GroupWise Administration Console.

The system default is to allow the use of GroupWise Web for all GroupWise users. You can retain this global setting, change it to the opposite global setting to prevent all users from accessing GroupWise Web, or use one of the global settings with added exceptions to allow or prevent access to individual users or resources, or collectively based on object type.

For example, you can add an exception for all users (and resources) in a particular group, post office, or domain object. After saving the exception, the opposite action of the selected global setting is enforced on those users to either deny or allow access.

77.3.1 Modifying Access Control for GroupWise Web

To modify the Access Control settings for GroupWise Web:

  1. Log in to the Administration Console and navigate to System > GroupWise Web.

  2. Select the Access Control tab.

  3. Choose the global setting for Default Access.

  4. If required, click Add to define specific user/resource exceptions to the selected global setting to either prevent or allow access to GroupWise Web.

  5. Use the radio button options to add exceptions individually or collectively.

  6. Click OK to save your changes.

HINT:If you require multiple exceptions, it may be helpful to both you and other administrators to log the reasons for the exceptions or other information specific to those exceptions in the Description field of the General tab.

77.3.2 Checking User Access to GroupWise Web

You can check GroupWise access settings for individual users or resources via the GroupWise Administration Service for a quick lookup of possible exceptions or to troubleshoot for a user that cannot log in. Simply enter the identifying domain, post office, and user or resource name using the URL syntax below and the access status is returned for that object.

https://<admin service IP address>:<admin port>/gwadmin-service/gwwebservers/acltest/domain/<domain name>/postoffice/<post office name>/object/<user or resource name>

Two examples are provided below of returns for “buser” and “auser”. This check provides the same information as the POA log, so you can check what the Access Control is for specific users.

Example 1. This check shows the user is denied access based on an individual Access Control exception.

Example 2.This check shows that the user is denied access because an Access Control is set on a group that the user is a member of.