14. Chapter - Usermanager

The Usermanager manages all users, user settings (such as email addresses and forwarding) as well as all access rights (e.g. for administration, proxy, etc.).

For the users themselves only their settings are recorded, the access rights are managed exclusively by the user groups.

14.1. User Groups

Each user receives their access rights from the user groups of which they are a member. A user can be a member of any number of groups.


A mailing list can be created for a group under Services > Email > Mailinglist. For example, it would be convenient to send an email to all employees by using .

There are 2 special user groups: The administrator group, which has full access rights and is the only one allowed to access the console.

Secondly, the everyone group. All users are members of this group.


All access rights granted to the "everyone" group are accessible without login and password. So even a guest can access and edit these pages without any additional login.

14.1.1. Access Rights

All rights allowed in any one group of a user are allowed for the user.

Proxy profiles combine all profiles from a user's groups in such a way that all pages allowed in at least one group are allowed for the user. For more information on proxy profiles, see Section 12.4, „URL Filter“.

If the email attachment filter is enabled, incoming emails can be processed using the group with different filter lists. If a user is a member of multiple groups with different filter lists, the filter lists are merged. whitelists have priority over blacklists. For more information about the email attachment filter, see Section 15.7.3, „Attachment Filter“.

Since all users are automatically members of the "everyone" group, the rights of the "everyone" group are effectively the minimum rights that can be assigned to users.

Email quota is the maximum amount of storage space that the group members' mailboxes are allowed to occupy individually (not all members together). If the limit is reached, no new emails will be accepted (error message "450 Over Quota" will be sent to the sender after the email queue time has elapsed). Most IMAP email clients display a warning if they are 90% full. If the user is a member of more than one group, the largest quota from their user groups applies.

With the SMTP authentication and email relaying option, it is possible to control whether members of the group can log in to the Intra2net system to send emails to external recipients (SMTP authentication). Note that the members of a group with email relaying from the Internet absolutely require high quality passwords. Otherwise the password can be guessed automatically and the Intra2net system could be misused to send spam.

14.1.2. Administration Rights

Under Usermanager > Groups : Administration Rights, on the lower part of the screen, access to each individual page of the interface can be regulated. In the upper part it can be set whether the rights set below should also be used over the Internet (remote administration) or whether only access to web groupware should be possible.

It is also possible to specify whether setting up and disconnecting Internet and VPN connections is permitted or not.

If the main page is to be hidden without logging in, simply deny access to the "Main Page" right for the "Everyone" Group.