Scroll export button | ||||||||
---|---|---|---|---|---|---|---|---|
|
...
Scroll export button | ||||||||
---|---|---|---|---|---|---|---|---|
|
Info |
---|
This Guide explains and describes what permissions and limitations for PBX users and administrators can be set to limit access to certain PBX services and features. WMS Version: 5.0X / 46.0X Updated: September 2021May 2024 Permalink: https://wildix.atlassian.net/wiki/x/8xrOAQ |
Table of Contents |
---|
Introduction
...
- Admin (no limitations, assigned to “admin” user)
- Default (see Default ACL settings; assigned to new users by default)
ACL groups can be assigned to users in WMS -> Users -> select user / users -> “Group”:
All PBX users with admin permissions can:
...
Set up Inheritance: Select an ACL group: “Inherits from” (select the group)
Warning |
---|
Important: Wildix ACL groups support only single level inheritance. |
...
Note |
---|
Note: “Cannot” rule has priority over “Can”. Example: group B inherits from A “Can” – “Intercom”, but inside group B we add “Cannot” – “Intercom”, as a result, use of Intercom is prohibited for this group of users. |
ACL for outgoing calls – Supported countries for call classes
To forbid/ allow calls, use ACL "Can call / Cannot call".
Wildix PBX supports call classes for following countries:
- Austria
- Belgium
- Canada
- France
- Germany
- Italy
- Luxembourg
- Netherlands
- Spain
- Switzerland
- Portugal
- Ukraine
- United Kingdom
- USA
Call class detection for processing external calls
...
View ACL permissions
Starting from WMS Beta 6.03.20230424.1, it is possible to view permissions of all ACL groups in a table view, all in one place. Click on the Permissions viewer button at the bottom:
- The “Cannot” rule is displayed as a red minus sign, “Can” - as a green plus sign.
- A yellow plus/ minus sign means that there is a group with permissions different from the default ones. Hover the mouse over the yellow sign to see the details.
- Admin permissions are not included in the table.
ACL for outgoing calls – Supported countries for call classes
To forbid/ allow calls, use ACL "Can call / Cannot call".
Wildix PBX supports call classes for following countries:
- Austria
- Belgium
- Canada
- France
- Germany
- Italy
- Luxembourg
- Netherlands
- Spain
- Switzerland
- Portugal
- Ukraine
- United Kingdom
- USA
Call class detection for processing external calls
PBX differentiates national from foreign calls based on International Prefix in Dialplan -> General settings.
...
- North America
- Africa
- Europe1
- Europe2
- South America
- Oceania
- Russia
- Asia1
- Asia2
- International (WMS 4.0X/ WMS 5.0X, contains all mentioned call classes)
...
Recommendations to avoid calls to illegal destinations:
(as in Default ACL settings)
- First add the rule “cannot call All”
- Then add a number of “can call” rules
...
If "cannot" - "View" - "Group" limitation is set, a user is not able to see users from a specified group when configuring "Voicemail" Function Key.
Current limitation: "Cannot - Share status via Kite" and "Can - Modify presence - Everybody"
Warning |
---|
Important: The limitation is not applicable for WMS 5.02 since it was fixed (reference ticket WMS-8890). |
ACL "Cannot - Share status via Kite" breaks ACL "Can - Modify presence - Everybody". This means, if a user has ACL "Cannot - Share status via Kite", another user with ACL "Can - Modify presence - Everybody" is not able to change that user status.
...
The list of default ACL permissions of Default (users) and Admin (users with admin permissions) ACL groups:
...
APPENDIX 1. Default ACL permissions Anchor Default ACL permissions Default ACL permissions
Default ACL permissions | |
Default ACL permissions |
The list of default ACL permissions of Default (users) and Admin (users with admin permissions) ACL groups:
Group | Ability and access |
---|---|
Users |
|
PBX admins |
|
APPENDIX 2. Full list of ACL permissions Anchor
...
FulllistofACLpermissions
FulllistofACLpermissions |
...
FulllistofACLpermissions
FulllistofACLpermissions |
Can/ Cannot | Call - Group | Allow/ forbid calling certain groups of users | |||
use Virtual scanner - Group | Allow/ forbid using Virtual scanner Feature Code. More information: Virtual scanner | ||||
Modify presence - Group | Allow/ forbid setting user status of colleagues in Collaboration. By default, if no ACL rule is added, users are not allowed to set user status of colleagues. More information: Set user status in Collaboration | ||||
see full number in CDR-View | Allow/ forbid seeing full numbers in CDR-View in Collaboration. You can decide how many digits to hide in Call and chat history menu of WMS | ||||
Intercom - Group | Allow/ forbid using Intercom Feature Code. More information: Intercom | ||||
Intrusion - Group | Allow/ forbid call intrusion via Collaboration / Feature Code. More information: Call intrusion (barging), Intrusion Feature Code | ||||
Call Pickup - Group | Allow/ forbid pickup of other user's calls via Collaboration / Feature Code. More information: Call pickup and Pickup Feature Code | ||||
Modify public phonebooks | Allow/ forbid modifying any contact from a public WMS phonebook in Collaboration. Details: Phonebook | ||||
View - Group | Allow/ forbid viewing users in Colleagues roster and Recents chat in Collaboration as well as Colleagues phonebook | ||||
View calls of users - Group | Allow/ forbid viewing who is calling via Collaboration and VoIP phones. Details: Colleagues status information | ||||
Delete calls | Allow/ forbid deleting calls from History (not supported on W-AIR Handsets). By default, if no ACL rule is added, users are not allowed to delete calls. More information: Calls / faxes history | ||||
Share status via Kite | Allow/ forbid sharing user's status via Kite (no user status is shown when contacting user by Kite link) | ||||
Share status message via Kite | Allow/ forbid sharing user's status message via Kite (no status message is shown when contacting user by Kite link) | ||||
Share geolocation via Kite | Allow/ forbid geolocation sharing via Kite. More information: Limit access to Kite service | ||||
View geolocation via Collaboration - Group | Allow/ forbid viewing geolocation of users in Collaboration, iOS/ Android apps. More information: Geolocation | ||||
Manage the callcenter | Allow/ forbid performing actions on call groups’ members: put a user on hold, add users to call groups via call groups plugin and Call group management Feature Code (if forbidden, a user can perform the actions only on himself (add himself to a call group, put himself on pause in a call group) More information: WebAPI basic features and Call group management Feature code | ||||
Be looked up via dial by name | Allow/ forbid user to be looked up via dial by name feature (including ASR). The feature can be called via "Dial by name/ Directory" Dialplan application or Directory Feature Code via Collaboration, VoIP phones, WP600AXX/ Vision/ SuperVision, W-AIR handsets, iOS/ Android apps. More information: Directory and Dial by name/ Directory | ||||
See extensions | Allow/ forbid downloading Collaboration Extensions. More information: /wiki/spaces/DOC/pages/30285992 | ||||
See voicemail | Allow/ forbid using shared voicemail feature on WP480G/WP490G 2017, WorkForce, WelcomeConsole. More information: Shared voicemail feature | ||||
Disable two factor authentication | Allow/ forbid disabling Two-factor authentication in Collaboration. Details: Two-factor authentication | ||||
Enable video call | Allow/ forbid user to start or enable video calls in Collaboration. Details: Video call | ||||
See call recordings (starting from WMS 5.03) | Allow/ forbid users to access call recordings. This ACL works for call recordings started via Collaboration, Feature code, and Dialplan and hides call recordings both in Collaboration -> History and CDR-View. The ACL also allows/ forbids access to x-bees Sales Intelligence and Real-time transcriptions.
More information: Collaboration User Guide: Record a call, Dialplan applications - Admin Guide: Record a call, Feature Codes Guide | Create conferences | |||
Create conferences | Allow/ forbid creating chat/ video conferences in Collaboration. More information: Multiuser chat conference and /wiki/spaces/DOC/pages/30280852 | ||||
Can set/ Cannot set | Status (DND/Away) | Allow/ forbid setting DND/ Away status via Status Feature Code (can be dialed from any Wildix device) and VoIP phones (not supported in Collaboration, WP600AXX/ Vision/ SuperVision, iOS/ Android apps). More information: Status (DND/Away) Feature Code and WP4X0 Call Features | |||
Call Forward Busy | Allow/ forbid setting call forwardingSee analytics | Allows to choose data of which groups should be visible in Analytics (CDR-View 2.0) reports in Collaboration and x-bees, as well as gives access to x-bees Sales Intelligence and Real-time transcriptions. More information: Cloud Analytics (CDR-View 2.0) in Collaboration, CDR-View in x-bees, x-bees Analytics, Sales Intelligence in x-bees, How to use real-time transcription of x-bees calls and conferences. Note: The support starts from WMS 6.03.20230630.3. | |||
Can set/ Cannot set | Status (DND/Away) | Allow/ forbid setting DND/ Away status via Status Feature Code (can be dialed from any Wildix device) and VoIP phones (not supported in Collaboration, WP600AXX/ Vision/ SuperVision, iOS/ Android apps). More information: Status (DND/Away) Feature Code and WP4X0 Call Features | |||
Call Forward Busy | Allow/ forbid setting call forwarding if user is busy (not supported on WP600AXX/ Vision/ SuperVision)/ using Feature Code. Consult Call features, WP4X0 Call features, Android Settings, iOS Settings or Feature Codes Guide | ||||
Call Forward No Answer | Allow/ forbid setting call forwarding if user doesn't answer (not supported on WP600AXX/ Vision/ SuperVision)/ using Feature Code. More information: Call features, WP4X0 Call features, Android Settings, iOS Settings or Feature Codes Guide | ||||
Call Forward All | Allow/ forbid setting forwarding of all calls (not supported on WP600AXX/ Vision/ SuperVision)/ using Feature Code. More information: Call features, WP4X0 Call features, Android Settings, iOS Settings or Feature Codes Guide | ||||
Call waiting | Allow/ forbid receiving more than one call at a time (not supported on WP600AXX/ Vision/ SuperVision) / using Feature Code. More information: Call features, WP4X0 Call features, Android Settings, iOS Settings or Call waiting Feature Code | ||||
Mobility extension management | Allow/ forbid call forwarding to the mobile number (not supported on WP600AXX/ Vision/ SupeerVision)/ using Feature Code. More information: Call features, WP4X0 Call features, Android Settings, iOS Settings or Mobility extension management | ||||
Call timeout | Allow/ forbid setting call timeout after which an incoming call will be terminated via Collaboration or Feature Code. More information: Call features and Call timeout | ||||
Telephone blocked | Allow/ forbid using Telephone blocked Feature Code. More information: Telephone blocked | ||||
Ring only active device | Allow/ forbid activating only the active device ring via Collaboration or Feature Code. More information: Personal settings and Ring only active device Feature Code | ||||
Mobility confirmation | Allow/ forbid a user to be notified on who the caller is when he receives a call on mobility extension number via Collaboration or Feature Code. More information: Call features and Mobility confirmation | ||||
Function keys | Allow/ forbid configuring Function keys in Collaboration -> Settings -> Function keys. The access to already configured Function keys is saved. More information: Function keys | ||||
Timetable | Allow/ forbid configuring Timetable Function key in Collaboration and changing its status via Feature Code (Timetables and switches are created in WMS). Details: Timetable Feature Code | ||||
3 state switch | Allow/ forbid configuring 3 state switch Function key in Collaboration and changing its status via Feature Code. Details: 3 State Switch Feature Code | ||||
Switch | Allow/ forbid configuring Switch Function key in Collaboration and changing its status via Feature Code. More information: Switch Feature Code | ||||
Phonebooks | Allow/ forbid access to selected phonebooks (if forbidden, a user can access only phonebooks located in “Selected” section in WMS - > Users (select user) -> Edit preferences -> Settings -> Phonebooks) | ||||
Personal Information | Allow/ forbid changing personal information in Collaboration and Android/ iOS app (not supported on VoIP phones, WP600AXX / Vision/ SuperVision, W-AIR Handsets). Details: Personal information | ||||
Advanced status | Allow/ forbid access to advanced user status menu, including status message, until option, editing picture and setting location and Chat/ Presence menu, including custom statuses in Collaboration. More information: Status message and Chat/ Presence | ||||
Fax Server Settings | Allow/ forbid changing Fax Server Settings in Collaboration -> Settings -> Fax Server Settings. More information: Fax Server | ||||
Notify missed calls via email (WMS 4.0X/ WMS 5.0X) | Allow/ forbid receiving missed calls notifications via email in Collaboration -> Settings -> Features. More information: Call features | ||||
Notify missed calls via SMS (WMS 4.0X/ WMS 5.0X) | Allow/ forbid receiving missed calls notifications via SMS in Collaboration -> Settings -> Features. More information: Call features | ||||
Custom Ring (WMS 4.0X/ WMS 5.0X) | Allow/ forbid selecting the ringtone for VoIP phones and Collaboration in Collaboration -> Settings -> Features. More information: Call features | ||||
Predefined Advanced settings on Mobile | Allow/ forbid mobile users to change the Advanced settings in Collaboration app on mobile (currently, only Android is supported). More information: Custom config parameters List Note: The support starts from WMS 6.04.20230724.1. | ||||
All | |||||
Can use/ Cannot use | Collaboration | Allow/ forbid access to Collaboration (if forbidden, users have access only to the basic CTI interface, including calls, sending SMS/ fax, changing personal user status, without full access to Collaboration (no access to Colleagues, Function keys, Map view, Messaging menu) Attendant Console, Messaging menu) | |||
Attendant Console | Allow/ forbid access to Attendant Console in Collaboration. More information: Attendant Console | ||||
History | Allow/ forbid access to Calls/ faxes History (not supported on W-AIR Handsets). More information: Calls / faxes history | ||||
x-caracal | Allow/ forbid access to x-caracal. By default, access to x-caracal is forbidden. More information: x-caracal documentation Note: The support starts from WMS 6.03.20230630.3. | ||||
Analytics | Allow/ forbid | access to Attendant Console to use Analytics (CDR-View 2.0) in Collaboration. When allowed, the Analytics button is displayed in Collaboration. More information: | Attendant ConsoleHistory | Allow/ forbid access to Calls/ faxes History (not supported on W-AIR Handsets). More information: Calls / faxes historyCloud Analytics (CDR-View 2.0) in Collaboration. Note: The support starts from WMS 6.03.20230630.3. | |
CDR-View | Allow/ forbid access to CDR-View in Collaboration. Detailed information: CDR-View Guide | ||||
Speed dial | Allow/ forbid call phonebook short numbers using Speed dial Feature Code. More information: Speed dial Feature Code | ||||
Shared Recording | Allow/ forbid using Shared record Feature Code. More information: Shared record Feature Code | ||||
Personal Recording | Allow/ forbid access to personal recording in Collaboration and using Personal Recording Feature Code and Incall code *1 as well as Attendant Console. More information: Feature Codes Guide and Record a call | ||||
SMS | Allow/ forbid sending SMS via Collaboration. More information: SMS | ||||
Fax | Allow/ forbid sending faxes via Collaboration. More information: Fax | ||||
Paging | Allow/ forbid using Paging Feature Code to send a broadcast to a group of users. More information: Paging | ||||
Pre answer services | Allow/ forbid access to pre answer services (the voice prompt doesn't announce "press * for options"), including Voicemail, Intrusion, Intercom and Call completion, but the voice prompt announces user status: on the phone, busy, unavailable, no answer | ||||
Pre answer services & messages | Allow/ forbid access to pre answer services when user status is not announced at all. More information: Pre answer services | ||||
Phone settings menu | Allow/ forbid access to VoIP phone settings. More information: Phone settings | ||||
Advanced phone settings menu | Allow/ forbid access only to advanced phone settings "Network" and "Autoprovision" on VoIP phones. More information: Phone settings | ||||
Web phone | Allow/ forbid availability of web phone in Collaboration (if forbidden, web phone is not available in the list of devices in Collaboration and user cannot use Collaboration to place / receive calls via Web phone) | ||||
Voicemail | Allow/ forbid access to Voicemail and using Voicemail Feature Code. More information: Voicemails | ||||
Voicemail without pin code (WMS 4.0X/ WMS 5.0X) | Allow/ forbid PIN protection for Voicemail via XML (via the phone menu), Voicemail Feature Code, Voicemail access Dialplan application ("skip pin check (s)" option should not be activated). Details: Voicemail Note: By default, the ACL is enabled for the USA and Canada. To disable this behavior, change it to “Can use voicemail without pin code” | ||||
Contact center | Allow/ forbid using Contact center feature in Collaboration -> Settings -> Contact center. More information: Contact center | ||||
Trunk to trunk transfer | Allow/ forbid making transfers of calls received/ placed via trunk, including blind and attended transfers, and also calls from Kite | ||||
Forward to trunk | Allow/ forbid forwarding (Call Forward Busy/ No Answer/ All) of all calls to trunk received from trunk/ user extension. More information: Call features | ||||
All | |||||
Can call/ Cannot call | Internal | The description of call classes can be found in Call classes explanation Chapter | |||
Local | |||||
National | |||||
Mobile | |||||
Emergency | |||||
Free | |||||
Premium1 | |||||
Premium2 | |||||
Premium3 | |||||
Premium4 | |||||
North America | |||||
Africa | |||||
Europe1 | |||||
Europe2 | |||||
South America | |||||
Oceania | |||||
Russia | |||||
Asia1 | |||||
Asia2 | |||||
Numbers in allowed phonebooks | |||||
International (WMS 4.0X/ WMS 5.0X) | |||||
All |
APPENDIX 3. List of ACL admin permissions Anchor
...
appen3
appen3 |
...
appen3
appen3 |
Ability | Access | ||
---|---|---|---|
Can/ Cannot manage PBX | Allow/ forbid managing Server and Client PBXs | ||
Can/ Cannot manage group | Allow/ forbid managing any specific group | ||
Can/ Cannot access menu |
| ||
Can/ Cannot |
|
Macrosuite divider macro | ||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...