3.2 Groups

After you have created users, you can group them for the purpose of assigning the same settings and rights to everyone in the group.

For example, you could create a group named “Auditors” and assign the group rights to specific functions that an auditor needs.

Or you could create a group named GW-MFA and enable Multi-factor Authentication as an inheritable setting. GroupWise and on-prem Exchange users with GW-MFA as their assigned Configuration Group, could then inherit the setting and access Retain using multi-factor authentication (MFA).

Path: Retain Server Manager > Management > Groups

The groups page lists all defined groups, including the group named default, which is created when you install Retain.

Users are automatically assigned to default when they are first created. If you want users to be part of other groups, you can create them and then add users to them.

Use the information in the following sections to manage the groups on your Retain system.

3.2.1 Settings Tab

Path: Retain Server Manager > Management > Groups > Settings tab

Table 3-2 Using the Settings tab

Field, Option, or Button

Information and/or Action

Group-specific Settings Panel

These settings are specific to each group.

Changes take effect when you click Save.

  • Description

  • Optional information about the group.

  • Group Membership

  • A list of users belonging to the group.

  • Configuration Group Membership

  • A list of users who have this group assigned as their Configuration Group.

    Before users can be assigned here, they must be listed in the Group Membership list. If they are subsequently removed from the Group Membership list, they are automatically removed from this list.

  • Adding a user to this list, automatically sets this group as the user’s Configuration Group in the Inheritable Settings from Group Panel (User context).

  • Setting this group as the Configuration Group for multiple users is more easily accomplished by adding the users here than by accessing each user’s Inheritable Settings from Group panel individually and then selecting this group.

  • Remove Member buttons

  • Click this to remove the selected users.

  • Add Members button

  • Click this to display a list of users.

  • Select one or more users and click OK.

Inheritable Settings from Group Panel (Group context)

The settings specified for the following fields can be inherited by users who have this group selected as their Configuration Group.

Settings you make in this panel are only potentially effective if this group is selected as a User’s Configuration Group and another setting made in the user’s configuration doesn’t override the setting.

  • Language

  • The language used in the search interface for this user.

    Users can inherit this value if this group is selected as their Configuration Group and they haven’t selected an alternative value.

  • Allow User to Change Password

  • This setting controls whether users are able to store their internal password.

  • Authentication Method

  • Users can inherit this setting if this group is their specified Configuration Group:

    • Offline Authentication: Credentials stored within Retain, any type of user

      • If you use this authentication method, store the password here.

      • It can be changed as needed.

      • You can prevent users from changing it.

      • Passwords are always stored in an encrypted format - never in clear text.

    • LDAP Authentication (GW): Must be set up in the GroupWise module > LDAP Tab.

    • SOAP Authentication (GW): Users are automatically entered into Retain's user list

    • Exchange Authentication: Users are automatically entered into Retain's user list

    • Google IMAP: Google users are authenticated through IMAP to the Google system

    • Use Exclusively: Allows the user to only use one type of authentication. If this setting is not checked, it will try one authentication and if that is unsuccessful, it will try another

  • Enable Multi-factor Authentication

  • GroupWise and on-prem Exchange users can inherit this value if this group is selected as their Configuration Group and they haven’t selected an alternative value.

  • Forwarded Messages Comment

  • The default comment for forwarding messages.

    Users can inherit this value if this group is selected as their Configuration Group and they haven’t selected an alternative value.

  • Forwarded Messages Internet Domain

  • Automatically append the specified address to forwarded messages.

    Users can inherit this value if this group is selected as their Configuration Group and they haven’t selected an alternative value.

  • Date Display Format

  • How to display dates.

    Users can inherit this value if this group is selected as their Configuration Group and they haven’t selected an alternative value.

  • Time Display Format

  • How to display time.

    Users can inherit this value if this group is selected as their Configuration Group and they haven’t selected an alternative value.

  • Display Number of Messages Per Page

  • How many items to display per page.

    Users can inherit this value if this group is selected as their Configuration Group and they haven’t selected an alternative value.

  • Message Age Display

  • Default date filter for searching. Can be changed on the fly.

    Users can inherit this value if this group is selected as their Configuration Group and they haven’t selected an alternative value.

  • View Message Format

  • Whether to display HTML format when possible or always display text regardless of actual format.

    Users can inherit this value if this group is selected as their Configuration Group and they haven’t selected an alternative value.

  • Session Timeout (Minutes)

  • A value between 10 and 480 minutes.

    Users can inherit this value if this group is selected as their Configuration Group and they haven’t selected an alternative value.

3.2.2 Group Rights Tab

Group rights are the same as user rights User Rights Tab, just applied to the entire group.

In this tab, you define all the rights that will be common to all members of the group. These rights are ADDITIVE and will be in ADDITION to the rights you have explicitly given to the individual user.

For this reason, if you want to manage users as a group, you would typically not assign any individual rights. Rather, you would assign rights to their group. These rights have all the same meanings and functions as the user rights.

To log into and manage or monitor Workers, a User or Group must have the manage workers, Schedules, Profiles, Jobs right. To set or work with the Deletion Manager, the user must likewise have the Deletion Manager right, or they will not be able to modify those settings. There are, however, certain rights which implicitly grant other rights. For example, granting a Group the Restore Messages [Any Mailbox] right automatically grants the Restore Messages [Own Mailbox] right.

TIPS

Typically, you will not want to grant GroupWise Reporting and Monitoring rights to a group, but in a situation where you have more than one GroupWise Reporting and Monitoring control center and you want to see which one is monitoring, group-level GroupWise Reporting and Monitoring rights would be appropriate.

Typically, you will want to make the default group’s rights rather restrictive, granting very limited access by default. If you wanted a user to have more rights, you would simply assign them to another group or you could assign additional explicit rights.

By using groups, you can have groups of individuals with rights to totally different sets of archives. Other than their own mailboxes, users only get rights to the mailboxes that you grant to them.

3.2.3 MailboxesTab

  • This screen works exactly like the user’s access to mailboxes. Please see the user’s mailbox section for details on how to select which mailbox or mailboxes to assign to the group.

  • You use the address book selector to choose which mailbox or mailboxes to give the group access to.

  • By default, groups have access to NO mailboxes; users may only access their own mailboxes. If the user exists only in Retain (no GroupWise account) and their group has access to no mailboxes, then they will have access to no mailbox either.

  • Only give group access to mailboxes when you want all members of the group to be able to access a particular mailbox. Some examples could include a general sales account or accounts being audited by a group of auditors, a workgroup needing to access each other’s archives, and so on.

3.2.4 Creating a New Group

If you want to create a new group, simply

  1. Click “Add Group”

  2. Type the name in “Group”

  3. Change the properties of the group in the tabs below

  4. Click “Save Changes”