9.1  Creating a User Group

Create a new group by clicking on the Add button. A guide for user group creation will be opened.

Step 1 — Name and description of the group

Name

Unique name of the group.

Creating a group — basic data

Figure 9.2. Creating a group — basic data


Description

Description of the group; may be left blank.

Publish in Global Address List

Name and address of the group will be published in the public Contact folder used as the company's internal address book.

If user accounts and groups are mapped from Active Directory or Apple Open Directory, the entire LDAP database is synchronized every hour automatically. If you do not wish to synchronize a user to public contacts, uncheck this option.

Note: Pressing the Finish button the wizard can be finished in any step. The group will be created and the “skipped” fields will be filled with default values.

Step 2 — Email accounts

This step defines all desired email accounts (aliases) of the group. There might be no address assigned to the group (unlike user accounts, the group address is not created automatically from the group name and domain where the group is defined).

Creating a group — e-mail address

Figure 9.3. Creating a group — e-mail address


Group addresses can be defined either in group definitions or in the Domain Settings → Aliases section. The first method is recommended — it is easier.

Note: If user accounts are maintained in Active Directory (see chapter 10.1  Active Directory), their aliases can be defined in Active Directory Users and Computers. Global aliases (in Domain Settings → Aliases) cannot be defined this way.

Step 3 — Members of the group

Using the Add and Remove buttons you can add or remove users to/from the group. If there are no user accounts created, a group may remain empty and users will be assigned to it when their user accounts are defined (see chapter 8.2  Creating a user account).

Creating a group — users addition

Figure 9.4. Creating a group — users addition


Step 4 — Access rights for the group

The group must be assigned one of the following three levels of access rights:

No access to administration

Users in this group have no access to Kerio MailServer administration.

Read only access

Users in this group can log in to Kerio MailServer administration but they can only view the logs and settings. They cannot alter any settings.

Read/Write access

Users in this group have full access rights.

Group can administer user accounts, ...

A special access right for Kerio Web Administration (for more information, see chapter 32  KMS Web Administration). This setting is independent on the access rights settings for Kerio Administration Console.

Group access rights are combined with user access rights. This implies that resulting user rights correspond either with their own rights or with rights of the appropriate group according to which ones have higher priority.

Step 5 — Advanced settings

This group can send/receive email from ...

This option allows the Kerio MailServer administrator to narrow traffic of this group's members to the local domain level. This feature may help solve issues of internal traffic in companies. If this option is enabled, no user of the particular group will be allowed to send or receive messages from external domains.