Overview
This article describes the process to restrict user access to GFI Archiver by making changes in the configuration files.
GFI MailArchiver 2013 introduced Role Based Access Control, which can be used to configure granular permissions, including who has access to the configuration of the product. To configure this feature, navigate to Configuration > Roles and Permissions and assign permissions as desired.
Process
Note: This procedure requires to edit files manually. If edited incorrectly, it can leave the server in a non-operational state. Please keep backups of any file which is edited throughout this article before saving any changes to them.
- In
..\GFI\Archiver\ASPNET\UI\web.config
, locate the first<system.web>
section. - Within this section find the
<authorization>
section, which controls access to the web application.
Note: If this section does not exist, you will need to create it.
The default text for this section is:
<authorization>
This means that access is completely denied to anonymous users (represented by the '?' symbol)
<deny users="?"/>
</authorization>
- You can deny access to specific users as follows:
<authorization> <deny users="?, DOMAIN\User1, DOMAIN\User2"/> </authorization>
- To grant access only to specific users (the '*' symbol represents all users):
<authorization> <allow users="DOMAIN\User1"/> <deny users="*" /> </authorization>
- To control permissions on group level (in .NET called role):
<authorization>
<deny roles="DOMAIN\Group1, DOMAIN\Group2"/>
<deny users="?" />
</authorization>
- You can deny access to specific users as follows:
- Save the file. The changes will be immediate.
Important Notes
- Users and groups should be provided in DOMAIN\User and DOMAIN\Group format. It is allowed to use BUILTIN instead of DOMAIN for built-in groups.
- More information and full syntax can be found on Microsoft's website.
- When upgrading to a newer version of GFI Archiver, installation files mentioned in this procedure will be overwritten with default versions making the changes void and ineffective. It is therefore suggested to keep a record of this procedure and follow it once again directly after upgrading to keep this functionality intact.