Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info

This Guide explains and describes what permissions and limitations for PBX users and administrators can be set to limit access to certain PBX services and features.

Updated: November 2019August 2020

Permalink: https://confluence.wildix.com/x/eQaIAQ

...

Note

Note: Normally, if you don't forbid any certain access via ACL, it means the access is allowed. For example, if you don't have any ACL restriction "Cannot" - "Intrusion", it means intrusion is allowed.

Exception: There are 3 ACLs that are not permitted by default: "Can " - "Modify presence", "Can" - "Delete calls" and "Can" - "See voicemail". At first, you have to set ACL permissions for using these services.

Admin and Default ACL groups and permissions

ACL groups can be managed and created in WMS -Users -> Groups.

...

  • Admin (no limitations, assigned to “admin” user)
  • Default (see Default ACL settings; assigned to new users by default)

PDF avoid Pagebreak

Image Modified


ACL groups can be assigned to users in WMS -> Users -> select user / users -> “Group”:

...

Set up Inheritance: Select an ACL group: “Inherits from” (select the group)

PDF avoid Pagebreak

Image Modified


Warning

Important: Wildix ACL groups support only single level inheritance.

...

Example: assign calls to destination numbers which start with “03” to “Mobile” call class, remove the first digit (0) from the called number and route calls via the selected trunk (test5):

PDF avoid Pagebreak

Image Modified


In case you do not set up call classes via Dialplan procedures, PBX evaluates the call prefix and assigns the call class to it, based on the logic described in the chapter Call classes explanation.

Call classes explanation

...

ACL "Cannot - Share status via Kite" breaks ACL "Can - Modify presence - Everybody". This means, if a user has ACL "Cannot - Share status via Kite", another user with ACL "Can - Modify presence - Everybody" is not able to change that user status.

APPENDIX 1. Default ACL

...

permissions 
Anchor
defaultacl
defaultacl

The list of default ACL permissions of Default (users) and Admin (users with admin permissions) ACL groups:

GroupAbility and access
Users
  • cannot Intrusion Everybody
  • cannot Intercom Everybody
  • cannot Manage the callcenter
  • cannot use CDR-view
  • cannot use Shared Recording
  • cannot use Personal Recording
  • cannot call All
  • can call Local
  • can call National
  • can call Mobile
  • can call Emergency
  • can call Europe1
  • can call Europe2
  • cannot Modify Public Phonebook
  • cannot Delete calls
  • cannot Modify presence Everybody
  • cannot Create Conferences
PBX admins
  • cannot manage PBX All
  • can manage PBX <current_PBX>
  • cannot manage group Everybody
  • cannot Add and remove users
  • cannot access menu All
  • can access menu Users :: Phonebook
  • can access menu Dialplan :: Call Groups
  • can access menu Dialplan :: Timetables
  • can access menu Dialplan :: IVR
  • can access menu Settings :: Tools and utilities :: Backup system

APPENDIX 2. Full list of ACL

...

permissions 
Anchor
fullacl
fullacl

Can/ Cannot

Call - GroupAllow/ forbid calling certain groups of users
use Virtual scanner - Group

Allow/ forbid using Virtual scanner Feature Code. More information: Virtual scanner

Modify presence - Group

Allow/ forbid setting user status of colleagues in Collaboration. By default, if no ACL rule is added, users are not allowed to set user status of colleagues. More information: Set user status in Collaboration

see full number in CDR-View

Allow/ forbid seeing full numbers in CDR-View in Collaboration. You can decide how many digits to hide in Call and chat history menu of WMS

Intercom - Group

Allow/ forbid using Intercom Feature Code. More information: Intercom

Intrusion - Group

Allow/ forbid call intrusion via Collaboration / Feature Code. More information: Call intrusion (barging), Intrusion Feature Code

Call Pickup - GroupAllow/ forbid pickup of other user's calls via Collaboration / Feature Code. More information: Call pickup and Pickup Feature Code
Modify public phonebooks

Allow/ forbid modifying any contact from a public WMS phonebook in Collaboration. Details: Phonebook

View - Group

Allow/ forbid viewing users in Colleagues roster and Recents chat in Collaboration as well as Colleagues phonebook

View calls of users - Group

Allow/ forbid viewing who is calling via Collaboration and VoIP phones. Details: Colleagues status information

Delete calls

Allow/ forbid deleting calls from History (not supported on W-AIR Handsets). By default, if no ACL rule is added, users are not allowed to delete calls. More information: Calls / faxes history

Share status via Kite

Allow/ forbid sharing user's status via Kite (no user status is shown when contacting user by Kite link)

Share status message via Kite

Allow/ forbid sharing user's status message via Kite (no status message is shown when contacting user by Kite link)

Share geolocation via Kite

Allow/ forbid geolocation sharing via Kite. More information: Limit access to Kite service

View geolocation via Collaboration - Group

Allow/ forbid viewing geolocation of users in Collaboration, iOS/ Android apps. More information: Geolocation

Manage the callcenter

Allow/ forbid performing actions on call groups’ members: put a user on hold, add users to call groups via call groups plugin and Call group management Feature Code (if forbidden, a user can perform the actions only on himself (add himself to a call group, put himself on pause in a call group)

More information: WebAPI basic features and Call group management Feature code

Be looked up via dial by name

Allow/ forbid user to be looked up via dial by name feature (including ASR). The feature can be called via "Dial by name/ Directory" Dialplan application or Directory Feature Code via Collaboration, VoIP phones, WP600AXX/ Vision/ SuperVision, W-AIR handsets, iOS/ Android apps. More information: Directory and Dial by name/ Directory

See extensions

Allow/ forbid downloading Collaboration Extensions. More information: Extensions

See voicemailAllow/ forbid using shared voicemail feature on WP480G/WP490G 2017, WorkForce, WelcomeConsole. More information: Shared voicemail feature
Disable two factor authentication (WMS 4.0X/ WMS 5.0X)Allow/ forbid disabling Two-factor authentication in Collaboration. Details: Two-factor authentication
Enable video call (WMS 4.0X/ WMS 5.0X)Allow/ forbid user to start or enable video calls in Collaboration. Details: Video call
Create conferences

Allow/ forbid creating chat/ video conferences in Collaboration. More information: Multiuser chat conference and Wizyconf Videoconference

Can set/ Cannot set

Status (DND/Away)

Allow/ forbid setting DND/ Away status via Status Feature Code (can be dialed from any Wildix device) and VoIP phones (not supported in Collaboration, WP600AXX/ Vision/ SuperVision, iOS/ Android apps). More information: Status (DND/Away) Feature Code and WP4X0 Call Features

Call Forward Busy

Allow/ forbid setting call forwarding if user is busy (not supported on WP600AXX/ Vision/ SuperVision)/ using Feature Code. Consult Call features, WP4X0 Call features, Android Settings, iOS Settings or Feature Codes Guide

Call Forward No Answer

Allow/ forbid setting call forwarding if user doesn't answer (not supported on WP600AXX/ Vision/ SuperVision)/ using Feature Code. More information: Call features, WP4X0 Call features, Android Settings, iOS Settings or Feature Codes Guide

Call Forward All

Allow/ forbid setting forwarding of all calls (not supported on WP600AXX/ Vision/ SuperVision)/ using Feature Code. More information: Call features, WP4X0 Call features, Android Settings, iOS Settings or Feature Codes Guide

Call waiting

Allow/ forbid receiving more than one call at a time (not supported on WP600AXX/ Vision/ SuperVision) / using Feature Code. More information: Call features, WP4X0 Call features, Android Settings, iOS Settings or Call waiting Feature Code

Mobility extension management

Allow/ forbid call forwarding to the mobile number (not supported on WP600AXX/ Vision/ SupeerVision)/ using Feature Code. More information: Call features, WP4X0 Call features, Android Settings, iOS Settings or Mobility extension management

Call timeout

Allow/ forbid setting call timeout after which an incoming call will be terminated via Collaboration or Feature Code. More information: Call features and Call timeout

Telephone blocked

Allow/ forbid using Telephone blocked Feature Code. More information: Telephone blocked

Ring only active device

Allow/ forbid activating only the active device ring via Collaboration or Feature Code. More information: Personal settings and Ring only active device Feature Code

Mobility confirmation

Allow/ forbid a user to be notified on who the caller is when he receives a call on mobility extension number via Collaboration or Feature Code. More information: Call features and Mobility confirmation

Function keys

Allow/ forbid configuring Function keys in Collaboration -> Settings -> Function keys. The access to already configured Function keys is saved. More information: Function keys

Timetable

Allow/ forbid configuring Timetable Function key in Collaboration and changing its status via Feature Code (Timetables and switches are created in WMS). Details: Timetable Feature Code

3 state switch

Allow/ forbid configuring 3 state switch Function key in Collaboration and changing its status via Feature Code. Details: 3 State Switch Feature Code

Switch

Allow/ forbid configuring Switch Function key in Collaboration and changing its status via Feature Code. More information: Switch Feature Code

Phonebooks

Allow/ forbid access to selected phonebooks (if forbidden, a user can access only phonebooks located in “Selected” section in WMS - > Users (select user) -> Edit preferences -> Settings -> Phonebooks)

Personal Information

Allow/ forbid changing personal information in Collaboration and Android/ iOS app (not supported on VoIP phones, WP600AXX / Vision/ SuperVision, W-AIR Handsets). Details: Personal information

Advanced status

Allow/ forbid access to advanced user status menu, including status message, until option, editing picture and setting location and Chat/ Presence menu, including custom statuses in Collaboration. More information: Status message and Chat/ Presence

Fax Server Settings

Allow/ forbid changing Fax Server Settings in Collaboration -> Settings -> Fax Server Settings. More information: Fax Server

Notify missed calls via email (WMS 4.0X/ WMS 5.0X)Allow/ forbid receiving missed calls notifications via email in Collaboration -> Settings -> Features. More information: Call features
Notify missed calls via SMS (WMS 4.0X/ WMS 5.0X)Allow/ forbid receiving missed calls notifications via SMS in Collaboration -> Settings -> Features. More information: Call features
Custom Ring (WMS 4.0X/ WMS 5.0X)Allow/ forbid selecting the ringtone for VoIP phones and Collaboration in Collaboration -> Settings -> Features. More information: Call features
All

Can use/ Cannot use

Collaboration

Allow/ forbid access to Collaboration (if forbidden, users have access only to the basic CTI interface, including calls, sending SMS/ fax, changing personal user status, without full access to Collaboration (no access to Colleagues, Function keys, Map view, Messaging menu)

Attendant Console

Allow/ forbid access to Attendant Console in Collaboration. More information: Attendant Console

History

Allow/ forbid access to Calls/ faxes History (not supported on W-AIR Handsets). More information: Calls / faxes history

CDR-View

Allow/ forbid access to CDR-View in Collaboration. Detailed information: CDR-View Guide

Speed dial

Allow/ forbid call phonebook short numbers using Speed dial Feature Code. More information: Speed dial Feature Code

Shared Recording

Allow/ forbid using Shared record Feature Code. More information: Shared record Feature Code

Personal RecordingAllow/ forbid access to personal recording in Collaboration and using Personal Recording Feature Code and Incall code *1 as well as Attendant Console. More information: Feature Codes Guide and Record a call
SMSAllow/ forbid sending SMS via Collaboration. More information: SMS
Fax

Allow/ forbid sending faxes via Collaboration. More information: Fax

Paging

Allow/ forbid using Paging Feature Code to send a broadcast to a group of users. More information: Paging

Pre answer servicesAllow/ forbid access to pre answer services (the voice prompt doesn't announce "press * for options"), including Voicemail, Intrusion, Intercom and Call completion, but the voice prompt announces user status: on the phone, busy, unavailable, no answer
Pre answer services & messages

Allow/ forbid access to pre answer services when user status is not announced at all. More information: Pre answer services

Phone settings menuAllow/ forbid access to VoIP phone settings. More information: Phone settings
Advanced phone settings menu (WMS 4.0X/ WMS 5.0X)Allow/ forbid access only to advanced phone settings "Network" and "Autoprovision" on VoIP phones. More information: Phone settings
Web phone

Allow/ forbid availability of web phone in Collaboration (if forbidden, web phone is not available in the list of devices in Collaboration and user cannot use Collaboration to place / receive calls via Web phone)

Voicemail

Allow/ forbid access to Voicemail and using Voicemail Feature Code. More information: Voicemails

Voicemail without pin code (WMS 4.0X/ WMS 5.0X)

Allow/ forbid PIN protection for Voicemail via XML (via the phone menu), Voicemail Feature Code, Voicemail access Dialplan application ("skip pin check (s)" option should not be activated). Details: Voicemail

Note: By default, the ACL is enabled for the USA and Canada. To disable this behavior, change it to “Can use voicemail without pin code”

Contact center

Allow/ forbid using Contact center feature in Collaboration -> Settings -> Contact center. More information: Contact center

Trunk to trunk transfer (WMS 4.0X/ WMS 5.0X)Allow/ forbid making transfers of calls received/ placed via trunk, including blind and attended transfers, and also calls from Kite
Trunk Forward to trunk forward (WMS 4.0X/ WMS 5.0X)

Allow/ forbid forwarding (Call Forward Busy/ No Answer/ All) of external all calls to external numberstrunk received from trunk/ user extension. More information: Call features

All

Can call/ Cannot call

InternalThe description of call classes can be found in Call classes explanation Chapter
Local
National
Mobile
Emergency
Free
Premium1
Premium2
Premium3
Premium4
North America
Africa
Europe1
Europe2
South America
Oceania
Russia
Asia1
Asia2
Numbers in allowed phonebooks
International (WMS 4.0X/ WMS 5.0X)
All

APPENDIX 3. List of ACL admin

...

permissions 
Anchor
acllist
acllist

AbilityAccess
Can/ Cannot manage PBXAllow/ forbid managing Server and Client PBXs
Can/ Cannot manage groupAllow/ forbid managing any specific group
Can/ Cannot access menu
  • Users::Users
  • Users::Groups
  • Users::PBXes
  • Users::Phonebooks
  • Trunks::Trunks
  • Trunks::Trunk Groups
  • Trunks::Pricelists
  • Devices
  • Dialplan::Dialplan rules
  • Dialplan::Call Groups
  • Dialplan::Paging Groups
  • Dialplan::Timetables
  • Dialplan::IVR
  • Dialplan::Feature codes
  • Dialplan::General Settings
  • Settings::PBX
  • Settings::System
  • Settings::Tools and utilities::Remote support
  • Settings::Tools and utilities::Backup system
  • Settings::Tools and utilities::Upgrade
  • Settings::Tools and utilities::Generate trace
  • Top control::Generate call
  • Top control::Sounds
  • Top control::Debug
  • Top control::Reboot/Halt
Can/ CannotAdd and remove users

...