55.1 Controlling User Access to Mailboxes
You control which users have access to their mailboxes by creating classes of service and assigning users membership in a class. For example, if you don’t want users on a particular post office to have access to their mailboxes through WebAccess, you can create a class of service that prevents access and then assign the entire post office membership in that class.
The following sections provide information to help you create and manage classes of service:
55.1.1 Class Membership
When you create a class of service, you assign membership in the class at a domain level, post office level, distribution list (group) level, or individual user level, which means that a user could be assigned membership in multiple classes. For example, a user might be a member in one class because his or her domain is a member; at the same time, the user is a member in another class because his or her post office is a member of that class. Because each user can have only one class of service, membership conflicts are resolved hierarchically, as shown below:
|
Membership assigned to a user through a... |
Overrides membership assigned to the user through the... |
|---|---|
|
domain |
|
|
post office |
|
|
distribution list |
|
|
user |
|
If a user’s membership in two classes of service is based upon the same level of membership (for example, both through individual user membership), the class that applies is the one that allows the most privileges. For example, if the user belongs to one class of service that allows access to WebAccess and another class that prevents access, the class that allows access applies to the user.
55.1.2 Creating a Class of Service
-
In ConsoleOne, right-click the WebAccess Agent object, then click .
-
Click to display the Access Control Settings page.
-
Click to display the Create New Class of Service dialog box.
-
Type a name for the class, then click to display the Edit Class of Service dialog box.
-
Select one of the following options:
Inherit Access: Select this option if you want members of this class of service to inherit their access from the default class of service or another class of service that they have membership in.
Allow Access: Select this option to enable members of the class to use WebAccess.
If you select you must also set a timeout interval. The timeout interval determines how long the WebAccess Agent keeps open a dedicated connection to the post office on behalf of the user. If the agent does not receive a user request within the specified interval, it closes the user’s connection to the post office in order to free up its resources and the Post Office Agent’s resources for other uses.
When the WebAccess Agent closes a user’s connection to the post office, the user is not logged out of WebAccess. The user can continue to use WebAccess. As soon as the agent receives a request from the user, it opens the user’s connection again. In general, you should leave the timeout interval set to the default 20 minutes.
You can also have users automatically logged out of WebAccess after a specified period of activity. WebAccess logout is handled by the WebAccess Application running on the Web server, not by the WebAccess Agent. For information, see Section 55.2, Setting the Timeout Interval for Inactive Sessions.
Prevent Access: Select this option to prevent members of the class from using WebAccess.
-
Click to display the Select GroupWise Object dialog box.
-
Select , , , or to display the list you want.
-
In the list, select the domain, post office, distribution list, or user you want, then click to add the object as a member in the class. You can Ctrl+click or Shift+click to select multiple users.
-
To add additional domains, post offices, distribution lists or users as members of the class of service, select the class of server, then click to display the Select GroupWise Object dialog box.
-
Click (on the Settings page) when finished adding members.
55.1.3 Adding Users to a Class of Service
The following steps help you add users to an existing class of service. For information about adding new classes of service, see Section 55.1.2, Creating a Class of Service.
-
In ConsoleOne, right-click the WebAccess Agent object, then click .
-
Click to display the Access Control Settings page.
-
In the list, select the class you want to add members to, then click to display the Select GroupWise Object dialog box.
-
Select , , , or to display the list you want.
-
In the list, select the domain, post office, distribution list, or user you want, then click to add the object as a member in the class.
-
Repeat Step 3 through Step 5 for each object you want to add.
55.1.4 Maintaining the Access Database
The Access database stores the information for the classes of service you have set up to control user access to GroupWise WebAccess. When problems occur, you can validate the database to check for physical inconsistencies with the database records and indexes. If inconsistencies are found, you can recover the database.
The Access database, gwac.db, is located in the domain\wpgate\webac80a directory.
This section includes the following information:
Validating the Access Database
Validating the Access database checks for physical inconsistencies with the database’s records and indexes.
-
In ConsoleOne, right-click the WebAccess Agent object, then click .
-
Click to display the Database Management page.
-
Click .
-
After the database has been validated, click .
If inconsistencies are found, see Recovering the Access Database.
Recovering the Access Database
When you recover the Access database, a new database is created and all salvageable records are copied to the new database. Because some records might not be salvageable, after the recovery you should check the classes of services you have defined to see if any information was lost.
-
In ConsoleOne, right-click the WebAccess Agent object, then click .
-
Click to display the Database Management page.
-
Click
-
After the database has been recovered, click .