This article refers to Barracuda Message Archiver firmware version 5.0 or higher.
When adding LDAP users and LDAP groups to the Barracuda Message Archiver through the USERS > LDAP Users Add/Update page, inclusion/exclusion rules are analogous to an allow list and block list.
When a configured user runs a search on the BASIC > Search page, the following rules apply:
- Mail for addresses added to the Exclude these Addresses block list are NOT displayed unless the mail includes the user performing the search to assure that a user can always see their own mail.
- The Exclude these Addresses block list always takes precedence; addresses added to the Include these Addresses allow list are searchable unless the Exclude these Addresses block list blocks the mail.
- Because a user with the Admin or Auditor role can by default view all mail, users set to these roles can only edit their Exclude these Addresses list.
- If a user is not configured and is a member of a group, then the block and allow rules assigned to that group apply to that user. Additionally, if the unconfigured user is a member of multiple groups, then the privileges for all of those groups are merged and that user is assigned the least privileged role of those groups. This allows the Admin to apply block and allow rules to all users of a distribution group.
Example Inclusion/Exclusion Rules
The following examples illustrates the inclusion/exclusion rules:
- Example 1 – If Brian is not individually configured but is a member of the distribution group HR, then the Admin can set the block and allow rules for the group HR, and Brian will use these settings when searching mail rather than seeing only his own mail.
- Example 2 – If Josh is not individually configured but is a member of the distribution group HR which has an Auditor role, and Josh is also a member of the group Employees which has a User role, Josh has only the User role privileges when running a search.