This article refers to Barracuda Message Archiver firmware version 5.0 or higher.
When adding LDAP users and LDAP groups to the Barracuda Message Archiver through the USERS > LDAP Users Add/Update page, inclusion/exclusion rules are analogous to whitelist/blocklist.
When a configured user runs a search on the BASIC > Search page, the following whitelist/blocklist rules are in place:
- Mail for addresses added to the Exclude these Addresses blacklist are NOT displayed unless the mail includes the user performing the search to assure that a user can always see their own mail.
- The Exclude these Addresses blacklist always takes precedence; addresses added to the Include these Addresses whitelist are searchable unless the Exclude these Addresses blacklist blocks the mail.
- Because a user with the Admin or Auditor role can by default view all mail, users set to these roles can only edit their Exclude these Addresses list.
- If a user is not configured and is a member of a group, then the blacklist/whitelist rules assigned to that group apply to that user. Additionally, if the unconfigured user is a member of multiple groups, then the privileges for all of those groups are merged and that user is assigned the least privileged role of those groups. This allows the Admin to apply blacklist/whitelist rules to all users of a distribution group.
Example Inclusion/Exclusion Rules
The following examples illustrates the inclusion/exclusion rules:
- Example 1 – If Brian is not individually configured but is a member of the distribution group HR, then the Admin can set the blacklist/whitelist rules for the group HR, and Brian will use these settings when searching mail rather than seeing only his own mail.
- Example 2 – If Josh is not individually configured but is a member of the distribution group HR which has an Auditor role, and Josh is also a member of the group Employees which has a User role, Josh has only the User role privileges when running a search.