Scroll export button | ||||||||
---|---|---|---|---|---|---|---|---|
|
...
Scroll export button | ||||||||
---|---|---|---|---|---|---|---|---|
|
Info |
---|
This Guide explains and describes what permissions and limitations for PBX users and administrators can be set to limit access to certain PBX services and features. WMS Version: 5.0X / 6.0X Updated: January 2023May 2024 Permalink: https://wildix.atlassian.net/wiki/x/8xrOAQ |
Table of Contents |
---|
Introduction
...
- Admin (no limitations, assigned to “admin” user)
- Default (see Default ACL settings; assigned to new users by default)
ACL groups can be assigned to users in WMS -> Users -> select user / users -> “Group”:
All PBX users with admin permissions can:
...
Set up Inheritance: Select an ACL group: “Inherits from” (select the group)
Warning |
---|
Important: Wildix ACL groups support only single level inheritance. |
...
Note |
---|
Note: “Cannot” rule has priority over “Can”. Example: group B inherits from A “Can” – “Intercom”, but inside group B we add “Cannot” – “Intercom”, as a result, use of Intercom is prohibited for this group of users. |
ACL for outgoing calls – Supported countries for call classes
To forbid/ allow calls, use ACL "Can call / Cannot call".
Wildix PBX supports call classes for following countries:
- Austria
- Belgium
- Canada
- France
- Germany
- Italy
- Luxembourg
- Netherlands
- Spain
- Switzerland
- Portugal
- Ukraine
- United Kingdom
- USA
Call class detection for processing external calls
...
View ACL permissions
Starting from WMS Beta 6.03.20230424.1, it is possible to view permissions of all ACL groups in a table view, all in one place. Click on the Permissions viewer button at the bottom:
- The “Cannot” rule is displayed as a red minus sign, “Can” - as a green plus sign.
- A yellow plus/ minus sign means that there is a group with permissions different from the default ones. Hover the mouse over the yellow sign to see the details.
- Admin permissions are not included in the table.
ACL for outgoing calls – Supported countries for call classes
To forbid/ allow calls, use ACL "Can call / Cannot call".
Wildix PBX supports call classes for following countries:
- Austria
- Belgium
- Canada
- France
- Germany
- Italy
- Luxembourg
- Netherlands
- Spain
- Switzerland
- Portugal
- Ukraine
- United Kingdom
- USA
Call class detection for processing external calls
PBX differentiates national from foreign calls based on International Prefix in Dialplan -> General settings.
...
Recommendations to avoid calls to illegal destinations:
(as in Default ACL settings)
- First add the rule “cannot call All”
- Then add a number of “can call” rules
...
If "cannot" - "View" - "Group" limitation is set, a user is not able to see users from a specified group when configuring "Voicemail" Function Key.
Current limitation: "Cannot - Share status via Kite" and "Can - Modify presence - Everybody"
Warning |
---|
Important: The limitation is not applicable for WMS 5.02 since it was fixed (reference ticket WMS-8890). |
ACL "Cannot - Share status via Kite" breaks ACL "Can - Modify presence - Everybody". This means, if a user has ACL "Cannot - Share status via Kite", another user with ACL "Can - Modify presence - Everybody" is not able to change that user status.
...
The list of default ACL permissions of Default (users) and Admin (users with admin permissions) ACL groups:
...
APPENDIX 1. Default ACL permissions Anchor Default ACL permissions Default ACL permissions
Default ACL permissions | |
Default ACL permissions |
The list of default ACL permissions of Default (users) and Admin (users with admin permissions) ACL groups:
Group | Ability and access |
---|---|
Users |
|
PBX admins |
|
APPENDIX 2. Full list of ACL permissions Anchor
...
FulllistofACLpermissions
FulllistofACLpermissions |
...
FulllistofACLpermissions
FulllistofACLpermissions |
Can/ Cannot | Call - Group | Allow/ forbid calling certain groups of users | ||
use Virtual scanner - Group | Allow/ forbid using Virtual scanner Feature Code. More information: Virtual scanner | |||
Modify presence - Group | Allow/ forbid setting user status of colleagues in Collaboration. By default, if no ACL rule is added, users are not allowed to set user status of colleagues. More information: Set user status in Collaboration | |||
see full number in CDR-View | Allow/ forbid seeing full numbers in CDR-View in Collaboration. You can decide how many digits to hide in Call and chat history menu of WMS | |||
Intercom - Group | Allow/ forbid using Intercom Feature Code. More information: Intercom | |||
Intrusion - Group | Allow/ forbid call intrusion via Collaboration / Feature Code. More information: Call intrusion (barging), Intrusion Feature Code | |||
Call Pickup - Group | Allow/ forbid pickup of other user's calls via Collaboration / Feature Code. More information: Call pickup and Pickup Feature Code | |||
Modify public phonebooks | Allow/ forbid modifying any contact from a public WMS phonebook in Collaboration. Details: Phonebook | |||
View - Group | Allow/ forbid viewing users in Colleagues roster and Recents chat in Collaboration as well as Colleagues phonebook | |||
View calls of users - Group | Allow/ forbid viewing who is calling via Collaboration and VoIP phones. Details: Colleagues status information | |||
Delete calls | Allow/ forbid deleting calls from History (not supported on W-AIR Handsets). By default, if no ACL rule is added, users are not allowed to delete calls. More information: Calls / faxes history | |||
Share status via Kite | Allow/ forbid sharing user's status via Kite (no user status is shown when contacting user by Kite link) | |||
Share status message via Kite | Allow/ forbid sharing user's status message via Kite (no status message is shown when contacting user by Kite link) | |||
Share geolocation via Kite | Allow/ forbid geolocation sharing via Kite. More information: Limit access to Kite service | |||
View geolocation via Collaboration - Group | Allow/ forbid viewing geolocation of users in Collaboration, iOS/ Android apps. More information: Geolocation | |||
Manage the callcenter | Allow/ forbid performing actions on call groups’ members: put a user on hold, add users to call groups via call groups plugin and Call group management Feature Code (if forbidden, a user can perform the actions only on himself (add himself to a call group, put himself on pause in a call group) More information: WebAPI basic features and Call group management Feature code | |||
Be looked up via dial by name | Allow/ forbid user to be looked up via dial by name feature (including ASR). The feature can be called via "Dial by name/ Directory" Dialplan application or Directory Feature Code via Collaboration, VoIP phones, WP600AXX/ Vision/ SuperVision, W-AIR handsets, iOS/ Android apps. More information: Directory and Dial by name/ Directory | |||
See extensions | Allow/ forbid downloading Collaboration Extensions. More information: /wiki/spaces/DOC/pages/30285992 | |||
See voicemail | Allow/ forbid using shared voicemail feature on WP480G/WP490G 2017, WorkForce, WelcomeConsole. More information: Shared voicemail feature | |||
Disable two factor authentication | Allow/ forbid disabling Two-factor authentication in Collaboration. Details: Two-factor authentication | |||
Enable video call | Allow/ forbid user to start or enable video calls in Collaboration. Details: Video call | |||
See call recordings (starting from WMS 5.03) | Call Forward Busy | Allow/ forbid setting call forwarding if user is busyAllow/ forbid users to access call recordings. This ACL works for call recordings started via Collaboration, Feature code, and Dialplan and hides call recordings both in Collaboration -> History and CDR-View. The ACL also allows/ forbids access to x-bees Sales Intelligence and Real-time transcriptions.
More information: Collaboration User Guide: Record a call, Dialplan applications - Admin Guide: Record a call, Feature Codes Guide | ||
Create conferences | Allow/ forbid creating chat/ video conferences in Collaboration. More information: Multiuser chat conference and /wiki/spaces/DOC/pages/30280852 | |||
Can set/ Cannot set | Status (DND/Away) | Allow/ forbid setting DND/ Away status via Status Feature Code (can be dialed from any Wildix device) and VoIP phones (not supported in Collaboration, WP600AXX/ Vision/ SuperVision, iOS/ Android apps). More information: Status (DND/Away) Feature Code and WP4X0 Call Features | ||
Create conferences | Allow/ forbid creating chat/ video conferences in Collaboration. More information: Multiuser chat conference and /wiki/spaces/DOC/pages/30280852 | |||
See analytics | Allows to choose data of which groups should be visible in Analytics (CDR-View 2.0) reports in Collaboration and x-bees, as well as gives access to x-bees Sales Intelligence and Real-time transcriptions. More information: Cloud Analytics (CDR-View 2.0) in Collaboration, CDR-View in x-bees, x-bees Analytics, Sales Intelligence in x-bees, How to use real-time transcription of x-bees calls and conferences. Note: The support starts from WMS 6.03.20230630.3. | |||
Can set/ Cannot set | Status (DND/Away) | Allow/ forbid setting DND/ Away status via Status Feature Code (can be dialed from any Wildix device) and VoIP phones (not supported in Collaboration, WP600AXX/ Vision/ SuperVision, iOS/ Android apps). More information: Status (DND/Away) Feature Code and WP4X0 Call Features | ||
Call Forward Busy | Allow/ forbid setting call forwarding if user is busy (not supported on WP600AXX/ Vision/ SuperVision)/ using Feature Code. Consult Call features, WP4X0 Call features, Android Settings, iOS Settings or Feature Codes Guide | |||
Call Forward No Answer | Allow/ forbid setting call forwarding if user doesn't answer (not supported on WP600AXX/ Vision/ SuperVision)/ using Feature Code. More information: Call features, WP4X0 Call features, Android Settings, iOS Settings or Feature Codes Guide | |||
Call Forward All | Allow/ forbid setting forwarding of all calls (not supported on WP600AXX/ Vision/ SuperVision)/ using Feature Code. Consult More information: Call features, WP4X0 Call features, Android Settings, iOS Settings or Feature Codes Guide | |||
Call Forward No Answerwaiting | Allow/ forbid setting call forwarding if user doesn't answer receiving more than one call at a time (not supported on WP600AXX/ Vision/ SuperVision) / using Feature Code. More information: Call features, WP4X0 Call features, Android Settings, iOS Settings or Call waiting Feature Codes Guide Call Forward All | |||
Mobility extension management | Allow/ forbid setting forwarding of all calls call forwarding to the mobile number (not supported on WP600AXX/ Vision/ SuperVisionSupeerVision)/ using Feature Code. More information: Call features, WP4X0 Call features, Android Settings, iOS Settings or Feature Codes Guide Mobility extension management | |||
Call waitingtimeout | Allow/ forbid receiving more than one call at a time (not supported on WP600AXX/ Vision/ SuperVision) / using setting call timeout after which an incoming call will be terminated via Collaboration or Feature Code. More information: Call features and Call timeout | |||
Telephone blocked | Allow/ forbid using Telephone blocked Feature Code. More information: Call features, WP4X0 Call features, Android Settings, iOS Settings or Call waiting Telephone blocked | |||
Ring only active device | Allow/ forbid activating only the active device ring via Collaboration or Feature Code. More information: Personal settings and Ring only active device Feature Code | |||
Mobility extension managementconfirmation | Allow/ forbid call forwarding to the mobile number (not supported on WP600AXX/ Vision/ SupeerVision)/ using a user to be notified on who the caller is when he receives a call on mobility extension number via Collaboration or Feature Code. More information: Call features, WP4X0 Call features, Android Settings, iOS Settings or Mobility extension management Call timeout | |||
Function keys | Allow/ forbid setting call timeout after which an incoming call will be terminated via Collaboration or Feature Codeconfiguring Function keys in Collaboration -> Settings -> Function keys. The access to already configured Function keys is saved. More information: Call features and Call timeout Telephone blocked | |||
Timetable | Mobility confirmation | Allow/ forbid using Telephone blocked Feature Code. More information: Telephone blocked | ||
Ring only active device | Allow/ forbid activating only the active device ring via Collaboration or Feature Code. More information: Personal settings and Ring only active device Feature Code | |||
Allow/ forbid a user to be notified on who the caller is when he receives a call on mobility extension number via Collaboration or configuring Timetable Function key in Collaboration and changing its status via Feature Code (Timetables and switches are created in WMS). Details: Timetable Feature Code | ||||
3 state switch | Allow/ forbid configuring 3 state switch Function key in Collaboration and changing its status via Feature Code. Details: 3 State Switch Feature Code | |||
Switch | Allow/ forbid configuring Switch Function key in Collaboration and changing its status via Feature Code. More information: Call features and Mobility confirmation Function keys | |||
Phonebooks | Allow/ forbid configuring Function keys in Collaboration -> Settings -> Function keys. The access to already configured Function keys is saved. More information: Function keys | |||
Timetable | Allow/ forbid configuring Timetable Function key in Collaboration and changing its status via Feature Code (Timetables and switches are created in WMS). Details: Timetable Feature Code | |||
3 state switch | Allow/ forbid configuring 3 state switch Function key in Collaboration and changing its status via Feature Code. Details: 3 State Switch Feature Code | |||
Switch | Allow/ forbid configuring Switch Function key in Collaboration and changing its status via Feature Code. More information: Switch Feature Code | |||
Phonebooks | Allow/ forbid access to selected phonebooks (if forbidden, a user can access only phonebooks located in “Selected” section in WMS - > Users (select user) -> Edit preferences -> Settings -> Phonebooks) | |||
Personal Information | Allow/ forbid changing personal information in Collaboration and Android/ iOS app (not supported on VoIP phones, WP600AXX / Vision/ SuperVision, W-AIR Handsets). Details: Personal information | |||
Advanced status | Allow/ forbid access to advanced user status menu, including status message, until option, editing picture and setting location and Chat/ Presence menu, including custom statuses in Collaboration. More information: Status message and Chat/ Presence | |||
Fax Server Settings | Allow/ forbid changing Fax Server Settings in Collaboration -> Settings -> Fax Server Settings. More information: Fax Server | |||
Notify missed calls via email (WMS 5.0X) | Allow/ forbid receiving missed calls notifications via email in Collaboration -> Settings -> Features. More information: Call features | |||
Notify missed calls via SMS (WMS 5.0X) | Allow/ forbid receiving missed calls notifications via SMS in Collaboration -> Settings -> Features. More information: Call features | |||
Custom Ring (WMS 5.0X) | Allow/ forbid selecting the ringtone for VoIP phones and Collaboration in Collaboration -> Settings -> Features. More information: Call features | All | ||
Can use/ Cannot use | Collaboration | Allow/ forbid access to Collaboration (if forbidden, users have access only to the basic CTI interface, including calls, sending SMS/ fax, changing personal user status, without full access to Collaboration (no access to Colleagues, Function keys, Map view, Messaging menu) | ||
Attendant Console | Allow/ forbid access to Attendant Console in Collaboration. More information: Attendant Console | |||
History | Allow/ forbid access to Calls/ faxes History (not supported on W-AIR Handsets). More information: Calls / faxes historyaccess to selected phonebooks (if forbidden, a user can access only phonebooks located in “Selected” section in WMS - > Users (select user) -> Edit preferences -> Settings -> Phonebooks) | |||
Personal Information | Allow/ forbid changing personal information in Collaboration and Android/ iOS app (not supported on VoIP phones, WP600AXX / Vision/ SuperVision, W-AIR Handsets). Details: Personal information | |||
Advanced status | Allow/ forbid access to advanced user status menu, including status message, until option, editing picture and setting location and Chat/ Presence menu, including custom statuses in Collaboration. More information: Status message and Chat/ Presence | |||
Fax Server Settings | Allow/ forbid changing Fax Server Settings in Collaboration -> Settings -> Fax Server Settings. More information: Fax Server | |||
Notify missed calls via email (WMS 5.0X) | Allow/ forbid receiving missed calls notifications via email in Collaboration -> Settings -> Features. More information: Call features | |||
Notify missed calls via SMS (WMS 5.0X) | Allow/ forbid receiving missed calls notifications via SMS in Collaboration -> Settings -> Features. More information: Call features | |||
Custom Ring (WMS 5.0X) | Allow/ forbid selecting the ringtone for VoIP phones and Collaboration in Collaboration -> Settings -> Features. More information: Call features | |||
Predefined Advanced settings on Mobile | Allow/ forbid mobile users to change the Advanced settings in Collaboration app on mobile (currently, only Android is supported). More information: Custom config parameters List Note: The support starts from WMS 6.04.20230724.1. | |||
All | ||||
Can use/ Cannot use | Collaboration | Allow/ forbid access to Collaboration (if forbidden, users have access only to the basic CTI interface, including calls, sending SMS/ fax, changing personal user status, without full access to Collaboration (no access to Colleagues, Function keys, Map view, Messaging menu) | ||
Attendant Console | Allow/ forbid access to Attendant Console in Collaboration. More information: Attendant Console | |||
History | Allow/ forbid access to Calls/ faxes History (not supported on W-AIR Handsets). More information: Calls / faxes history | |||
x-caracal | Allow/ forbid access to x-caracal. By default, access to x-caracal is forbidden. More information: x-caracal documentation Note: The support starts from WMS 6.03.20230630.3. | |||
Analytics | Allow/ forbid to use Analytics (CDR-View 2.0) in Collaboration. When allowed, the Analytics button is displayed in Collaboration. More information: Cloud Analytics (CDR-View 2.0) in Collaboration. Note: The support starts from WMS 6.03.20230630.3. | |||
CDR-View | Allow/ forbid access to CDR-View in Collaboration. Detailed information: CDR-View Guide | |||
Speed dial | Allow/ forbid call phonebook short numbers using Speed dial Feature Code. More information: Speed dial Feature Code | |||
Shared Recording | Allow/ forbid using Shared record Feature Code. More information: Shared record Feature Code | |||
Personal Recording | Allow/ forbid access to personal recording in Collaboration and using Personal Recording Feature Code and Incall code *1 as well as Attendant Console. More information: Feature Codes Guide and Record a call | |||
SMS | Allow/ forbid sending SMS via Collaboration. More information: SMS | |||
Fax | Allow/ forbid sending faxes via Collaboration. More information: Fax | |||
Paging | Allow/ forbid using Paging Feature Code to send a broadcast to a group of users. More information: Paging | |||
Pre answer services | Allow/ forbid access to pre answer services (the voice prompt doesn't announce "press * for options"), including Voicemail, Intrusion, Intercom and Call completion, but the voice prompt announces user status: on the phone, busy, unavailable, no answer | |||
Pre answer services & messages | Allow/ forbid access to pre answer services when user status is not announced at all. More information: Pre answer services | |||
Phone settings menu | Allow/ forbid access to VoIP phone settings. More information: Phone settings | |||
Advanced phone settings menu | Allow/ forbid access only to advanced phone settings "Network" and "Autoprovision" on VoIP phones. More information: Phone settings | |||
Web phone | Allow/ forbid availability of web phone in Collaboration (if forbidden, web phone is not available in the list of devices in Collaboration and user cannot use Collaboration to place / receive calls via Web phone) | |||
Voicemail | Allow/ forbid access to Voicemail and using Voicemail Feature Code. More information: Voicemails | |||
Voicemail without pin code (WMS 5.0X) | Allow/ forbid PIN protection for Voicemail via XML (via the phone menu), Voicemail Feature Code, Voicemail access Dialplan application ("skip pin check (s)" option should not be activated). Details: Voicemail Note: By default, the ACL is enabled for the USA and Canada. To disable this behavior, change it to “Can use voicemail without pin code” | |||
Contact center | Allow/ forbid using Contact center feature in Collaboration -> Settings -> Contact center. More information: Contact center | |||
Trunk to trunk transfer | Allow/ forbid making transfers of calls received/ placed via trunk, including blind and attended transfers, and also calls from Kite | |||
Forward to trunk | Allow/ forbid forwarding (Call Forward Busy/ No Answer/ All) of all calls to trunk received from trunk/ user extension. More information: Call features | |||
All | ||||
Can call/ Cannot call | Internal | The description of call classes can be found in Call classes explanation Chapter | ||
Local | ||||
National | ||||
Mobile | ||||
Emergency | ||||
Free | ||||
Premium1 | ||||
Premium2 | ||||
Premium3 | ||||
Premium4 | ||||
North America | ||||
Africa | ||||
Europe1 | ||||
Europe2 | ||||
South America | ||||
Oceania | ||||
Russia | ||||
Asia1 | ||||
Asia2 | ||||
Numbers in allowed phonebooks | ||||
International (WMS 5.0X) | ||||
All |
...
Ability | Access | ||
---|---|---|---|
Can/ Cannot manage PBX | Allow/ forbid managing Server and Client PBXs | ||
Can/ Cannot manage group | Allow/ forbid managing any specific group | ||
Can/ Cannot access menu |
| ||
Can/ Cannot |
|
Macrosuite divider macro | ||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...