Skip to end of banner
Go to start of banner

ACL rules and Call classes management Admin Guide

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

This Guide explains and describes what permissions and limitations fro PBX users and administrators can be set to limit access to certain PBX services and features.

Updated: July 2018

Permalink: https://confluence.wildix.com/x/eQaIAQ

Introduction

ACL (Access Control List) is a number of permissions and limitations for PBX users and PBX administrators.

Via ACL for PBX users it is possible to forbid certain groups of users external calls to certain call classes, limit access to certain PBX services and UC features.

Via ACL for PBX administrators it is possible to limit access to certain WMS menus and forbid certain operations related to PBX management to groups of PBX admins.

Admin and Default ACL groups and permissions

ACL groups can be managed and created in WMS -Users -> Groups.

By default there are two ACL groups on PBX:

  • Admin (no limitations, assigned to “admin” user)
  • Default (see Default ACL settings; assigned to new users by default)


ACL groups can be assigned to users in WMS -> Users -> select user / users -> “Group”:

All PBX users with admin permissions can:

  • Edit permissions of ACL groups (click Edit permissions button to manage)

“admin” user in addition can:

  • Create and delete ACL groups
  • Set up inheritance
  • Manage admin permissions for PBX administrators (click Edit admin permissions button to manage)

Note: ACL groups are shared via WMS Network. Detailed information about WMS Network can be found here: WMS Network.


Inheritance

Set up Inheritance: Select an ACL group: “Inherits from” (select the group)

Important: Wildix ACL groups support only single level inheritance.


Example: group B inherits from A; group C can't inherit from B because B already inherits from another ACL group A.


Note: “Cannot” rule has priority over “can”.

Example: group B inherits from A “Can” – “Intercom”, but inside group B we add “Cannot” – “Intercom”, as a result, use of Intercom is prohibited for this group of users.


ACL for outgoing calls – Supported countries for call classes

To forbid/ allow calls, use ACL "Can call / Cannot call".

Wildix PBX supports call classes for following countries:

  • Austria
  • Belgium
  • Canada
  • France
  • Germany
  • Italy
  • Luxembourg
  • Netherlands
  • Spain
  • Switzerland
  • Portugal
  • Ukraine
  • United Kingdom
  • USA

Call class detection for processing external calls

PBX differentiates national from foreign calls based on International Prefix in Dialplan -> General settings.

Country code in trunk settings is used for number normalization (number is not normalized if country code is empty)

Available classes for processing of calls inside configured country:

  • National
  • Mobile
  • Emergency
  • Free
  • Premium1
  • Premium2 (Germany, Austria)

Available classes for processing of calls to/ from other countries (see Call classes explanation):

  • North America
  • Africa
  • Europe1
  • Europe2
  • South America
  • Oceania
  • Russia
  • Asia1
  • Asia2

Call class for unknown countries is 0 and call will not be blocked by ACL.

Recommendations to avoid calls to illegal destinations:

(as in Default ACL settings)

  • First add the rule “cannot call All”
  • Then add a number of “can call” rules

Setting up call classes in Dialplan

“Dial the trunk” and “Trunk group” Dialplan procedures allow you to define call classes and associate them to prefixes.

Example: assign calls to destination numbers which start with “03” to “Mobile” call class, remove the first digit (0) from the called number and route calls via the selected trunk (test5)

In case you do not set up call classes via Dialplan procedures, PBX evaluates the call prefix and assigns the call class to it, based on the logic described in the chapter Call classes explanation.

Call classes explanation

  • Internal – internal calls
  • Local - local calls 
  • National – recognized based on the National Prefix in Dialplan General Settings
  • Mobile – recognized based on the Country Code in Dialplan General Settings
  • Emergency – recognized based on the Country Code in Dialplan General Settings
  • Free – recognized based on the Country Code in Dialplan General Settings
  • Premium1 – recognized based on the Country Code in Dialplan General Settings
  • Premium2 – recognized based on the Country Code in Dialplan General Settings
  • Premium3 – not defined
  • Premium4 – not defined
  • North America – calls to numbers starting with 001 or +1
  • Africa – calls to numbers starting with 002 or +2
  • Europe1 – calls to numbers starting with 003 or +3
  • Europe2 – calls to numbers starting with 004 or +4
  • South America – calls to numbers starting with 005 or +5
  • Oceania – calls to numbers starting with 006 or +6
  • Russia – calls to numbers starting with 007 or +7
  • Asia1 – calls to numbers starting with 008 or +8
  • Asia2 – calls to numbers starting with 009 or +9

Prefixes per country for call class detection:

Notes

Difference between ALCs “Can / cannot” – Modify public phonebook” and “Can set / cannot set” “Phonebook”:

  • Can / cannot Modify public phonebook: user in this group cannot modify any contact from public WMS phonebook
  • Can set / cannot set Phonebook: user in this group can access only phonebooks located in “Selected” section in WMS -> Users (select user) -> Edit preferences -> Phonebooks

Note: at least one phonebook must be present in “Available” section (it can even be an empty phonebook).

APPENDIX 1. Default ACL permissions

The list of default ACL permissions of Default (users) and Admin (users with admin permissions) ACL groups:

GroupAbility and access
Users
  • cannot Intrusion Everybody
  • cannot Intercom Everybody
  • cannot Manage the callcenter
  • cannot use CDR-view
  • cannot use Shared Recording
  • cannot use Personal Recording
  • cannot call All
  • can call Local
  • can call National
  • can call Mobile
  • can call Emergency
  • can call Europe1
  • can call Europe2
  • cannot Modify Public Phonebook
  • cannot Delete calls
  • cannot Modify presence Everybody
  • cannot Create Conferences
PBX admins
  • cannot manage PBX All
  • can manage PBX <current_PBX>
  • cannot manage group Everybody
  • cannot Add and remove users
  • cannot access menu All
  • can access menu Users :: Phonebook
  • can access menu Dialplan :: Call Groups
  • can access menu Dialplan :: Timetables
  • can access menu Dialplan :: IVR
  • can access menu Settings :: Tools and utilities :: Backup system


APPENDIX 2. Full list of ACL permissions

AbilityAccessDescription
Can/ Cannot
  • Call Everybody/ Default/ Admin
  • use Virtual scanner Everybody/ Default/ Admin
  • Modify presence Everybody/ Default/ Admin
  • see full number in CDR-View
  • Intercom Everybody/ Default/ Admin
  • Intrusion Everybody/ Default/ Admin
  • Modify public phonebooks
  • View Everybody/ Default/ Admin
  • View calls of users Everybody/ Default/ Admin

  • Delete calls Everybody/ Default/ Admin
  • Share status via Kite
  • Share status message via Kite
  • Share geolocation via Kite
  • View geolocation via Collaboration Everybody/ Default/ Admin
  • Manage the callcenter
  • Be looked up via dial by name
  • See extensions
  • Create conferences
  • Allow/ forbid calls
  • Allow/ forbid using Virtual scanner Feature Code. More information: Virtual scanner
  • Allow/ forbid setting user status of colleagues. More information: Set user status
  • If forbidden, a user can't see full numbers in CDR-View. More information: CDR-View Guide
  • If forbidden, a user is not allowed to use Intercom Feature Code. More information: Intercom
  • Allow/ forbid call intrusion. More information: Call intrusion (barging)
  • Allow/ forbid a user to modify any contact from public WMS phonebook. Details: Phonebook
  • Allow/ forbid viewing colleagues status information. More information: Colleagues status information
  • Allow/ forbid viewing who is calling via Collaboration and WP4X0 2015-2017. Details: Colleagues status information
  • Allow/ forbid deleting calls from History. More information: Calls / faxes history
  • Allow/ forbid sharing user's status via Kite
  • Allow/ forbid sharing user's status message via Kite
  • Allow/ forbid geolocation sharing via Kite. More information: Limit access to Kite service
  • Allow/ forbid viewing geolocation of users in Collaboration. More information: Geolocation
  • Allow/ forbid using call group management Feature Code. More information: Call group management
  • Allow/ forbid a user to be looked up via dial by name feature. More information: Directory
  • Allow/ forbid downloading extensions in Collaboration. More information: Extensions
  • Allow/ forbid creating chat/ video conferences. More information: Multiuser chat conference and Create a conference room
Can set/ Cannot set
  • Status (DND/Away)
  • Call Forward Busy
  • Call Forward No Answer
  • Call Forward All
  • Call waiting

  • Mobility extension management

  • Call timeout

  • Telephone blocked
  • Ring only active device

  • Mobility confirmation

  • Function keys
  • Timetable
  • 3 state switch
  • Switch
  • Phonebooks
  • Personal Information
  • Advances status
  • Fax Server Settings
  • All
  • If forbidden, a user can't use Status Feature Code. More information: Status (DND/Away)
  • Allow/ forbid setting call forwarding based on user status via Collaboration and Feature Codes: forward call if user status is Busy, No answer or forward all calls. Consult Call features chapter of Collaboration Guide or Feature Codes Guide for detailed information
  • Allow/ forbid receiving more than one call at a time via Collaboration or Feature Code. More information: Call features and Call waiting Feature Code
  • Allow/ forbid call forwarding to the mobile number via Collaboration or Feature Code. More information: Call features and Mobility extension management
  • Allow/ forbid setting call timeout after which an incoming call will be terminated via Collaboration or Feature Code. More information: Call features and Call timeout
  • Allow/ forbid using Telephone blocked Feature Code. More information: Telephone blocked
  • Allow/ forbid activating only the active device ring vai Collaboration or Feature Code. More information: Personal settings and Ring only active device Feature Code
  • If forbidden, a user is not user is notified on who the caller is when he receives the call on mobility extension number. More information: Call features and Mobility confirmation
  • If forbidden, a user can't configure Function keys. More information: Function keys
  • Allow/ forbid changing a timetable status via Feature Code
  • Allow/ forbid changing 3 state switch status via Feature Code
  • Allow/ forbid changing a switch status via Feature Code. More information: Switch / 3 state switch / Timetable
  • If forbidden, a user can access only phonebooks located in “Selected” section in WMS - > Users (select user) -> Edit preferences -> Phonebooks
  • If forbidden, a user can't change personal information in Collaboration. Details: Personal
  • If forbidden, a user can't add a status message in Collaboration. More information: Status message
  • If forbidden, a user can't change Fax server Settings in Collaboration. More information: Fax Server
Can use/ Cannot use
  • Collaboration
  • Attendant Console
  • History
  • CDR-View
  • Speed dial
  • Shared Recording
  • Personal Recording
  • SMS
  • Fax
  • Paging
  • Pre answer services
  • Pre answer services & message
  • Web phone
  • Voicemail
  • Contact center
  • All
  • If forbidden, a user doesn't have access to Colleagues, Map view, Messaging
  • Allow/ forbid access to Attendant Console. More information: Attendant Console
  • Allow/ forbid access to Calls/ faxes History (also on More information: Calls / faxes history
  • Allow/ forbid access to CDR-View. Detailed information: CDR-View Guide
  • Allow/ forbid using Speed dial Feature Code. More information: Speed dial Feature Code
  • Allow/ forbid using of Shared record and Personal record via Collaboration and Feature Codes. More information: Personal record / Shared record Feature codes and Record a call

  • If forbidden, a user can't send SMS via Collaboration. More information: SMS

  • Allow/ forbid sending faxes. More information: Fax
  • If forbidden, a user can't use Paging Feature Code. More information: Paging
  • Allow/ forbid using pre answer services
  • Disable totally pre answer services including all the messages
  • If forbidden, web phone is not available in the list of devices in Collaboration
  • Allow/ forbid access to Voicemail. More information: Voicemails
  • If forbidden, Contact center in Collaboration can't be used. More information: Contact center
Can call/ Cannot call
  • Internal
  • Local
  • National
  • Mobile
  • Emergency
  • Free
  • Premium1
  • Premium2
  • Premium3
  • Premium4
  • North America
  • Africa
  • Europe1
  • Europe2
  • South America
  • Oceania
  • Russia
  • Asia1
  • Asia2
  • Numbers in allowed phonebooks
  • International
  • All

The description of call classes can be found in Call classes explanation Chapter


APPENDIX 3. List of ACL admin permissions

AbilityAccess
Can/ Cannot manage PBXAllow/ forbid managing Server and Client PBXes
Can/ Cannot manage groupAllow/ forbid managing any specific group
Can/ Cannot access menu
  • Users::Users
  • Users::Groups
  • Users::PBXes
  • Users::Phonebooks
  • Trunks::Trunks
  • Trunks::Trunk Groups
  • Trunks::Pricelists
  • Devices
  • Dialplan::Dialplan rules
  • Dialplan::Call Groups
  • Dialplan::Paging Groups
  • Dialplan::Timetables
  • Dialplan::IVR
  • Dialplan::Feature codes
  • Dialplan::General Settings
  • Settings::PBX
  • Settings::System
  • Settings::Tools and utilities::Remote support
  • Settings::Tools and utilities::Backup system
  • Settings::Tools and utilities::Upgrade
  • Settings::Tools and utilities::Generate trace
  • Top control::Generate call
  • Top control::Sounds
  • Top control::Debug
  • Toop control::Reboot/Halt
Can/ CannotAdd and remove users


  • No labels