Roles: access and administration rights
Users can be assigned the following roles:
- access rights to applications (webmail, contacts, etc.)
- rights to use specific functions (create an external identity, activate mail forwarding, etc.)
- administrative rights to delegate management of certain parts (users, domain, etc.).
To find out more about managing these rights, go to the pages about Users and Delegated Administration.
The different administrators
Platform administrator
Also known as admin0, global administrator or superadministrator, the platform administrator is unique in BlueMind and has admin0@global.virt as its login. It is responsible for the technical aspects of the platform.
It has no user account, so when it logs on to BlueMind, it only accesses the administration console. It takes care of the installation and technical configuration of the domains: server addresses, disk space, specific scheduled tasks, etc. It also has access to the same management functions as the functional administrator.
Admin0 is created automatically and cannot be configured.
System administrator
The system administrator is a user who has been given the role of System Manager, either personally or through a group. This user is responsible for managing the entire BlueMind installation and configuration.
Several users can have the role of system administrator.
⚠️ Due to confidentiality and technical conflicts, the system administrator MUST NOT HAVE ACCESS TO Mail, Contacts, and Calendar applications.
The system manager in fact has rights equivalent to those of admin0. In particular, it has full access to users' accounts, settings and data: emails, contacts, calendar - right down to the details of their private events.
Having a system manager with access to applications can also lead to technical problems such as replication errors.
System administrator settings
- assign the default group admin (optional)
- ensure that the roles Mail and Contacts and Calendar and Tasks are unchecked (the user should not be a member of a group with these rights, such as the user group)
- check the role System Manager or only the desired inherited roles
- check the role administration console
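The checklist above can be verified across all accounts by resolving each user's effective roles (direct and inherited from groups) and flagging any System Manager holder who also ends up with an application role. The following is an added example, not BlueMind code: the role labels come from this page, while the data layout, logins and group contents are constructed assumptions.

```python
# Role labels are taken from this page; the export layout below is a
# constructed assumption, not a BlueMind data format.
SYSTEM_MANAGER = "System Manager"
CONSOLE = "Administration console"
APP_ROLES = {"Mail and Contacts", "Calendar and Tasks"}

# Constructed sample data: roles granted through groups and directly to users.
GROUP_ROLES = {
    "admin": {CONSOLE},
    "user": {"Mail and Contacts", "Calendar and Tasks"},
    "ops": {SYSTEM_MANAGER, CONSOLE},
}
USERS = {
    "alice": {"groups": ["admin"], "roles": {SYSTEM_MANAGER}},
    "bob": {"groups": ["admin", "user"], "roles": {SYSTEM_MANAGER}},
    "carol": {"groups": ["ops"], "roles": {"Calendar and Tasks"}},
    "dave": {"groups": [], "roles": {SYSTEM_MANAGER}},
    "erin": {"groups": ["user"], "roles": set()},
}


def effective_roles(user, group_roles):
    """Return {role: sorted sources}, a source being 'direct' or 'group:<name>'."""
    sources = {}
    for role in user["roles"]:
        sources.setdefault(role, []).append("direct")
    for group in user["groups"]:
        for role in group_roles.get(group, ()):
            sources.setdefault(role, []).append(f"group:{group}")
    return {role: sorted(src) for role, src in sources.items()}


def audit(users, group_roles):
    """List findings for every account holding System Manager."""
    findings = []
    for login in sorted(users):
        roles = effective_roles(users[login], group_roles)
        if SYSTEM_MANAGER not in roles:
            continue  # ordinary users are out of scope for this check
        for role in sorted(APP_ROLES & roles.keys()):
            findings.append((login, f"app role '{role}' via {', '.join(roles[role])}"))
        if CONSOLE not in roles:
            findings.append((login, f"missing '{CONSOLE}' role"))
    return findings


if __name__ == "__main__":
    for login, problem in audit(USERS, GROUP_ROLES):
        print(f"{login}: {problem}")
```

Reporting the source of each role matters here because the usual cause of a violation is an inherited grant, such as a system administrator left in the user group.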
Functional domain administrator
Commonly known as domain administrator, it is a user who has been given domain management roles (see below) either personally or through a group.
Several users can have the role of functional administrator on the same domain.
The functional administrator manages users, groups and resources from the BlueMind administration console, as well as setting up the domain and shared objects (mailboxes, calendars, address books). He can delegate his rights by creating other administrators (see Organizational units and Delegated administration for details).
Domain administrator settings
- assign the default group admin (optional)
- check the role Manage domains or only the desired inherited roles
- check the role administration console
Assignable roles
Administration
- System manager : manages the entire BlueMind installation and its configuration
  ⚠️ The user must only access the administration console.
  This role should not be given to a user with access to Mail, Contacts, and Calendar applications.
  See the paragraph System administrator above for more details.
- Monitoring console : access to the monitoring console
- Certificate management : to manage the SSL certificate
- Management via dataprotect : accesses the dataprotect interface to restore data for the entire domain
- Manage system configuration : access to configure system parameters
- Manage BlueMind subscription: Allows the user to install and update the BlueMind subscription
- Manage domains
- Domain administrator
- Perform restorations via dataprotect : allows access to dataprotect interface to restore data from the entire domain (users, mailshares, etc.)
- Manage external users : create and administer external users
- Manage shared mailboxes : create, modify or delete shared mailboxes
- Manage mailshare sharing: Allows the admin to modify shared mailbox share permissions
- Manage domain calendars : create, modify and delete domain calendars
- Manage domain calendar sharing: Allows the admin to modify domain calendar share permissions
- Manage domain address books : create, modify and delete domain address books
- Manage domain address books sharing: Allows the admin to modify domain address books share permissions
- Manage external LDAP address books : create, modify or delete domain address books synchronized with an external LDAP
- Manage S/MIME domain certificates : add and remove S/MIME certificates
- Manage groups : create, modify and delete groups
- Manage group members: Allows the admin to add and remove group members
- Manage group sharing: Allows the admin to add, modify or delete share permissions for a group mailbox
- Manage resources : create, modify or delete resources
- Manage resource sharing: Allows the admin to modify resource share permissions
- Manage resource types : create, modify or delete resource types
- Manage organizational units : allows creating and deleting organizational units, used for delegated administration
- View organization units : allows you to view organization units, but not to modify or create them.
- Manage users : create, modify and delete users
- Manage external accounts : manage users' external accounts for applications that require them to be connected (e.g. Nextcloud for its Drive service, Teams for videoconferencing, etc.).
- Manage user subscriptions: Allows the admin to modify user subscriptions to shared address books and calendars
- Manage user devices (ActiveSync) : allows authorizing or revoking EAS sync permissions for users' third-party devices
- Manage user identities : allows adding, modifying or deleting users' identities
- Manage user information : allows modifying user information intended to appear in the directory (profile picture, name, contact details, etc.)
- Manage user passwords : allows modifying passwords of users
- Change own settings: Allows the user to change their personal settings
- Manage user sharing: Allows the admin to modify personal user mail, address book and calendar share permissions
- Manage external id : gives access to modify the External Id field in the user's file.
- Mailbox indexing : allows launching the mailbox indexing operation for users
- Validate user : allows launching the user validation and repair operation
- Domain administrator
- Manage servers : gives access to the "application servers" section of the administration console, allowing you to add and remove servers, as well as modify their settings and roles
- Manage domain max values : manage the maximum number of allowed users on the domain
- Sudo (privilege escalation) : allows logging in to BlueMind on behalf of users without knowing their password
Access to applications
- [obsolete] Webmail and Contacts : this role is no longer taken into account by BlueMind - users have access to the webmail even if this box is unchecked.
- Calendar and Tasks : allows using the Calendar and Tasks applications
- Mobile synchronization : allows connecting and synchronizing mobile devices
- CalDav and CardDav synchronization : allows using the CalDav and CardDav protocols to synchronize third-party devices or software
- Thunderbird connector synchronization : allows downloading and using the Thunderbird connector
- Outlook synchronization : allows connecting Outlook with MAPI
- Telephony : allows using telephony integration in web applications
- Administration console : gives access to the administration console - required for all management roles
- Manage company signatures: gives access to the signature and disclaimer management application
- API docs integration : gives access to the API documentation integrated into BlueMind: an "API Docs" link is added to the top banner of BlueMind, alongside the other applications.
General
- Change own settings : allows the user to modify BlueMind preferences
- Change own password : allows users to change their password at any time
- Modify own information [1] : allows users to modify the information that will be visible in their directory record
- API-based access to own ActiveSync devices [1] : enables users to manage access to their own devices via EAS (Exchange ActiveSync) synchronization
- Manage external accounts : connect external accounts for applications that require them (e.g. Nextcloud for its Drive service, Teams for videoconferencing, etc.).
Mail
- Access to the new webmail: enables the user to use the webmail developed by BlueMind
- Access to classic webmail: allows the user to use the old webmail if installed.
- Authorize S/MIME on webmail: allows the user to send and receive encrypted and/or electronically signed messages
- Read domain filters : displays domain filters in the user preferences management interface
- Manage email filters: allows the user to manage their personal email filters
- Manage email identities: allows the user to create and configure their email identities from their primary address, an alias, or a mailshare
- External identity: Allows the user to create identities with external mail addresses for themselves
- Transfer of messages to external addresses: automatically forward all received messages to an external email address outside the domain.
Internal transfer
When this role is deactivated, the user can activate global mail forwarding to internal addresses only.
Cloud
- Drive: Gives the ability to find and resend linked attachments previously sent and stored on the server.
- Linked attachments: possibility to detach attachments from messages in order to present them as download links to recipients
Videoconferencing
- Videoconferencing feature : when the BlueMind Video application is installed, allows users to create unlimited video conferences with up to 100 participants
Footnotes
[1] Note: no interface is currently available for managing user BlueMind settings. This feature only allows scripted actions using the user's API key (see Adjusting your account settings - Managing security settings)