15.5  User groups

User accounts can be sorted into groups. Creating user groups provides the following benefits:

User groups Definitions

User groups can be defined in User and Groups → Groups.

WinRoute user groups

Figure 15.17. WinRoute user groups


Domain

Use the Domain option to select a domain for which user accounts or other parameters will be defined. This item provides a list of mapped Active Directory domains (see chapter 15.4  User accounts in Active Directory — domain mapping) and the local user database.

In WinRoute, it is possible to create groups only in the local user database. It is not possible to create groups in mapped Active Directory domains. It also not possible to import groups from the Windows NT domain or from Active Directory.

In case of groups mapped in Active Directory domains, it is possible to set only access rules (see below — step 3 of the user group definition wizard).

Search

The Search engine can be used to filter out user groups meeting specified criteria.

The searching is interactive — each symbol typed or deleted defines the string which is evaluated immediately and all groups including the string in either Name or Description are viewed. The icon next to the entry can be clicked to clear the filtering string and display all groups in the selected domain (if the Search entry is blank, the icon is hidden).

The searching is helpful especially when the domain includes too many groups which might make it difficult to look up particular items.

Creating a new local user group

In the Domain combo box in Groups, select Local User Database.

Click Add to start a wizard where a new user group can be created.

Step 1 — Name and description of the group

Creating a user group — basic parameters

Figure 15.18. Creating a user group — basic parameters


Name

Group name (group identification).

Description

Group description. It has an informative purpose only and may contain any information or the field can be left empty.

Step 2 — group members

Creating a user group — adding user accounts to the group

Figure 15.19. Creating a user group — adding user accounts to the group


Using the Add and Remove buttons you can add or remove users to/from the group. If user accounts have not been created yet, the group can be left empty and users can be added during the account definition (see chapter 15.1  Viewing and definitions of user accounts).

Hint

When adding new users you can select multiple user accounts by holding either the Ctrl or the Shift key.

Step 3 — group access rights

Creating a user group — members' user rights

Figure 15.20. Creating a user group — members' user rights


The group must be assigned one of the following three levels of access rights:

No access to administration

Users included in this group cannot access the WinRoute administration.

Read only access

Users included in this group can access the WinRoute administration. However, they can only read the records and settings and they are not allowed to edit them.

Full access to administration

Users in this group have full access rights.

Additional rights:

Users can override WWW content rules

User belonging to the group can customize personal Web content filtering settings independently of the global configuration (for details see chapter 12.3  Global rules for Web elements).

User can unlock URL rules

This option allows its members one-shot bypassing of denial rules for blocked websites (if allowed by the corresponding URL rule — see chapter 12.2  URL Rules). All performed unlock actions are traced in the Security log.

Users can dial RAS connection

If the Internet connection uses dial-up lines, users of this group will be allowed to dial and hang up these lines in the Web interface (see chapter 11  Web Interface).

Users can connect using VPN

Members of the group can connect to the local network via the Internet using the Kerio VPN Client (for details, see chapter 23  Kerio VPN).

User can use Clientless SSL-VPN

Members of this group will be allowed to access shared files and folders in the local network via the Clientless SSL-VPN web interface. For details, see chapter 24  Kerio Clientless SSL-VPN.

Users are allowed to use P2P networks

The P2P Eliminator module (detection and blocking of Peer-to-Peer networks — see chapter 17.1  P2P Eliminator) will not be applied to members of this group.

Users are allowed to view statistics

Users in this group will be allowed to view firewall statistics in the web interface (see chapter 11  Web Interface).

Group access rights are combined with user access rights. This means that current user rights are defined by actual rights of the user and by rights of all groups in which the user is included.