ACL (Access Control List) is a number of permissions and limitations for PBX users and PBX administrators.
Via ACL for PBX users it is possible to forbid certain groups of users external calls to certain call classes, limit access to certain PBX services and UC features.
Via ACL for PBX administrators it is possible to limit access to certain WMS menus and forbid certain operations related to PBX management to groups of PBX admins.
Updated:
Permalink:
Default ACL groups and admin permissions
Create and manage ACL groups in WMS Users > Groups:
Assign ACL groups to users in WMS Users > select user / users > “Group”:
All PBX users with admin permissions can:
- edit permissions of ACL groups (“Edit permissions” button)
“admin” user in addition can:
- create and delete ACL groups
- set up inheritance
- manage admin permissions for PBX administrators (“Edit admin permissions” button)
By default there are two ACL groups on PBX:
- Admin (no limitations, assigned to “admin” user)
- Default (see Default ACL settings; assigned to new users by default)
Inheritance
Set up Inheritance: Select an ACL group: “Inherits from” (select the group)
- Wildix ACL groups support multilevel inheritance.
Example: group B inherits from A; group C inherits from B; group D inherits from C
- “Cannot” rule has priority over “can”
Example: group B inherits from A “Can” – “Intercom”, but inside group B we add “Cannot” – “Intercom”, as a result, use of Intercom is prohibited for this group of users
ACL for outgoing calls – Supported countries for call classes
ACL Can call / Cannot call
Wildix PBX supports call classes for following countries:
- Austria
- Belgium
- Canada
- France
- Germany
- Italy
- Luxembourg
- Netherlands
- Spain
- Switzerland
- Portugal
- Ukraine
- United Kingdom
- USA
Call class detection for processing external calls
PBX differentiates national from foreign calls based on Country Code in Dialplan > General settings
Country code in trunk settings is used for number normalization (number is not normalized if country code is empty)
Available classes for processing of calls inside configured country:
- National
- Mobile
- Emergency
- Free
- Premium1
- Premium2 (Germany, Austria)
Available classes for processing of calls to/from other countries (see Call classes explanation)
- North America
- Africa
- Europe1
- Europe2
- South America
- Oceania
- Russia
- Asia1
- Asia2
Call class for unknown countries is 0 and call will not be blocked by ACL.
Recommendations to avoid calls to illegal destinations:
(as in Default ACL settings)
- First add the rule “cannot call All”
- Then add a number of “can call” rules
Setting up call classes in Dialplan
“Dial the trunk” and “Trunk group” Dialplan procedures allow you to define call classes and associate them to prefixes.
Example: assign calls to destination numbers which start with “03” to “Mobile” call class, remove the first digit (0) from the called number and route calls via the selected trunk (test5)
In case you do not set up call classes via Dialplan procedures, PBX evaluates the call prefix and assigns the call class to it, based on the logic described in the chapter Call classes explanation.
Call classes explanation
- internal – internal calls
- national – recognized based on the Country Code in Dialplan General Settings
- mobile – recognized based on the Country Code in Dialplan General Settings
- emergency – recognized based on the Country Code in Dialplan General Settings
- free – recognized based on the Country Code in Dialplan General Settings
- premium1 – recognized based on the Country Code in Dialplan General Settings
- premium2 – recognized based on the Country Code in Dialplan General Settings
- premium3 – not defined
- premium4 – not defined
- northamerica – calls to numbers starting with 001 or +1
- africa – calls to numbers starting with 002 or +2
- europe1 – calls to numbers starting with 003 or +3
- europe2 – calls to numbers starting with 004 or +4
- southamerica – calls to numbers starting with 005 or +5
- oceania – calls to numbers starting with 006 or +6
- russia – calls to numbers starting with 007 or +7
- asia1 – calls to numbers starting with 008 or +8
- asia2 – calls to numbers starting with 009 or +9
Prefixes per country for call class detection:
Known issues and Notes
- User ACL “Can / cannot” – “Use History” is not applied to WP4X0 and WP500 / WP600
- Difference between ALCs “Can / cannot” – Modify public phonebook” and “Can set / cannot set” “Phonebook”:
- Can / cannot Modify public phonebook: user in this group cannot modify any contact from public WMS phonebook
- Can set / cannot set Phonebook: user in this group can access only phonebooks located in “Selected” section in WMS Users (select user) > Edit preferences > Phonebooks
- Note: at least one phonebook must be present in “Available” section (it can even be an empty phonebook)
APPENDIX: default ACL settings
Users:
- cannot Intrusion Everybody
- cannot Intercom Everybody
- cannot use History
- cannot use CDR-view
- cannot use Shared Recording
- cannot use Personal Recording
- cannot call All
- can call Local
- can call National
- can call Mobile
- can call Emergency
- can call Europe1
- can call Europe2
- cannot Modify Public Phonebook
- cannot Create Conferences
PBX admins:
- cannot manage PBX All
- can manage PBX <current_PBX>
- cannot manage group Everybody
- cannot Add and remove users
- cannot access menu All
- can access menu Users :: Phonebook
- can access menu Dialplan :: Call Groups
- can access menu Dialplan :: Timetables
- can access menu Dialplan :: IVR
- can access menu Settings :: Tools and utilities :: Backup system