Administrative Groups

This section describes the setup and Management of the Groups Web Interface, which a system administrator can use to delegate selected tasks to other system administrators.

The groups management feature makes it possible to create a customized web-based interface that permits system administrators to access a subset of PureMessage functionality. These sub-administrators (group administrators) can be given access rights by global administrators to manage select features of PureMessage, such as the quarantine, reports, lists and limited aspects of the PureMessage policy. Group administrators are often responsible for specific domains or groups of recipients within an organization.

Using a series of command-line tools, the global administrator can:

  • create a group
  • define the recipient addresses/domains that make up the group
  • create administrator accounts
  • grant administrators access rights to manage one or more groups
  • define group access rights

The ability to create groups gives an organization more flexibility in the way it deals with email filtering. For example:

  • An administrator can be given access rights to multiple domains within the organization, with a different set of permissions for each domain.
  • A "helpdesk" group can be defined that allows access to all relevant data, but does not permit account-holders to change policy options or edit lists.

Access rights are assigned on the basis of group/administrator pairs. First, the global administrator creates groups and group administrator accounts. Then the global administrator creates an association between the groups and the administrator accounts so that an administrator has access to manage one or more groups. See the Groups Setup tutorial for more about the steps required and the order in which they are performed. The group administrators GUI will reflect the access rights granted by the global administrator. Once it is configured, group administrators can use a supported browser to access the Groups Web Interface at https://<Hostname>:28443/groups. Global administrators can do the same by way of a full-access administrator account. For more information, see "Creating a Full-Access Administrator Account".

Important
Create and store all of the data related to groups, administrator accounts and access rights on the central server (CSM) so that it can be properly distributed to edge servers.

The global administrator uses the following command-line programs to set up and configure groups:

  • /opt/pmx6/bin/pmx-group : Used for adding and deleting groups, assigning administrators to groups, listing group details, creating group permissions, and modifying group permissions for PureMessage services running on remote servers.
  • /opt/pmx6/bin/pmx-group-file : A group file management utility used to add and delete group-specific documents and banners.
  • /opt/pmx6/bin/pmx-group-list : A group list management utility used to add and delete group lists.
  • /opt/pmx6/bin/pmx-group-policy : A utility for adding and deleting group-specific policy settings.
  • /opt/pmx6/bin/pmx-user : Used to create and delete administrator accounts, this command also has an option to create a full-access administrator account that has access rights to all configured groups, as well as data that is not group-specific.