Users, groups and permissions
Setting up your Group-Office environment starts with setting up users, groups and permissions. This page will give you an example of what we think is the perfect Group-Office setup for companies that want to take full advantage of all Group-Office features for office use.
The administrator account
It's important that you use this account only for administrative purposes. We strongly advise you not to use this account as a regular user for safety and usability reasons. Basically use the administrator account only for:
- Adding and editing user accounts
- Adding and editing user groups
- Installing/removing modules
- Creating items that are commonly used for more users such as a global addressbook, shared calendars or a corporate HTML template for outgoing e-mail messages.
It's very important that you do this as an administrator so you will avoid the following scenario:
User 1 creates an addressbook and projects. This user shares these items with everybody. Everybody uses those items. Now User 1 no longer works at your company. Time to remove the user account. Oops! The projects and his addressbook are gone too!
Create user groups
First create user groups for your company. Permissions are much easier to handle with groups then with individual users. When you grant the secretary access to all calendars as a user it will be a painful job to reset all permissions to another user when a new secretary joins the company. If you had done it with a group you could simply add the new employee to the secretary user group. So choose your groups wise with user permissions in mind. For example create:
- A secretary group called "Secretary"
- A group for the engineers called "Engineering"
A few special groups are created by default:
- Admins, users of this group will have permission to everything. Usually you don't want to add any user to this group. See above.
- Everyone, all users are in this group. Use carefully when granting permissions to this group.
- Internal, this group is created by default and new users are commonly added to this group by default. It should contain all company users and not your customers
Now that we've got the groups set up it's time to add the users. You can do this at:
Start menu -> Users -> Add
Fill in the profile fields. Mandatory are First name, Last name, Username, Password and e-mail. Make sure you setup the right regional settings for the users. The timezone is particularly important because events will shift if you change this setting later on.
Also pay attention to the "Permissions" tab. Remember that the default permissions can be set by the system administrator in the main configuration file (config.php).
You can also give user groups access to particular modules. This way you can manage module access easier. You'll just have to add the new user to the right group. When a user has access to a module by a user group, the access checkbox will be greyed out. In most cases you should give users only "Usage" access to modules. The difference between Usage and Manage permissions on module are described in the table below:
|Module||Extra privileges with manage permissions|
|Addressbook||Create addressbooks, change ownership of addressbooks|
|Calendar||Create calendars, change ownership of addressbooks, edit all events|
|Summary||Manage announcements on the right side of the screen|
|Edit and add account settings|
The second column controls the user groups the user is a member of. You can also manage the members of a group at Start menu -> Groups -> Double click the group
The last column controls which users groups are allowed to see this user. Users that are not in one of the checked groups will never be able to share items with this user.
Sharing calendars, addressbooks etc.
You have to navigate to the item yo share items like calendars and addressbook. Here are a couple of links to help you get started:
There are more items that you can share but that works similar to sharing calendars and addressbooks.
Many items in Group-Office are protected with permissions. For example addressbooks, tasklists, calendars, Note categories, Billing books and project types have access control. When you setup permissions you can add user groups and users to the access control list. There are four different levels of permission:
- Read only
- Read and write
- Read write and delete
With manage permission you are also allowed to control access and change the ownership of the item.
When you add a new user or group it has read permission by default. You can change the level by clicking it in the grid. See the screenshot below.