This is an old version of the document!


Rights allocation and authorization management

Basic principles

Access permissions in Benno MailArchiv can either be managed in the integrated user database or be mapped from external sources such as Active Directory (AD), LDAP and others (for example Microsoft Azure AD (Microsoft Entra ID)).

Roles and users

The following instructions apply to the Benno MailArchiv internal user database.

Each user account can be assigned one role.

The following roles are available for selection:

  • USER
  • REVISOR
  • ADMIN
  • AUTH
  • SYSTEM

Only users with the ADMIN role can manage user accounts in Benno MailArchiv.

The REVISOR role can be assigned to users who should have unrestricted access to all mails in the archive (e.g. tax auditors, financial auditors, etc.).

Regular users are assigned the USER role.

Access user management

User management is only available to users with the ADMIN role.

To use the user management, the administrative user must log in to the Benno MailArchiv WebApp. Afterwards, the user management can be accessed from within the WebApp (top right corner of the window: User Management). Access to the user management is only visible and possible when a user with the ADMIN role is logged in.

Authorization management

The authorization management system offers various possibilities.

General:

Each user logs into the web app with their respective credentials.

Access rights to archived emails are determined on the one hand by roles (USER, REVISOR, …) and on the other hand by the email address or the list of email alias addresses that the user has.

(This means: permissions are granted by assigning mail aliases.)

Example user “Lieschen Müller”:

For example, if the user has the email address lieschen.mueller@foo.bar as their only alias, they can only find emails from and to this address in the archive.

If the user has additional aliases (e.g., lm@foo.bar, lieschen@foo.bar, lmueller@foo.bar, etc.), they can also find emails from and to these alias addresses in the archive.

The same principle applies if the user has email addresses from multiple domains.

For example:

 lieschen.mueller@foo.bar

 lieschen.mueller@foofoo.bar

 lieschen.mueller@foofoofoo.bar

In this case, the user can find emails from these three email addresses (incoming/outgoing) in the archive.

Wildcard example:

The concept goes further, in that wildcards can also be used.

For example, the user "Lieschen Müller" in Benno MailArchiv can have the following wildcard alias:

 lieschen.mueller@foo*.bar

That would, for example, replace the three aliases mentioned above.

Extended examples of wildcards:

1) If Klaus Meier is a team leader and should be able to see the emails of his assistant Lieschen Müller in addition to his own, then Lieschen Müller's aliases could be assigned to him in addition to his own.

2) Users with the wildcard alias *@foo.bar can read all emails from/to the domain foo.bar.

3) Users with the wildcard alias rechnun*@foo.bar could accordingly find emails from/to rechnung@foo.bar as well as rechnungen@foo.bar.

4) Users with the wildcard alias *@* can read, without restriction, all mails archived in the tenant.
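
The following Python example is added here and is not Benno MailArchiv's own code. It assumes that * matches any run of characters, that all other characters are literal and that matching ignores case; the users and addresses are constructed. It checks whether a mail is visible for a given alias list and lists wildcard aliases by breadth for an access review.

```python
import re

# Assumed matching rules (not taken from Benno MailArchiv's code): '*' matches
# any run of characters, everything else is literal, comparison ignores case.
def alias_to_regex(alias):
    return re.compile(".*".join(re.escape(p) for p in alias.split("*")), re.IGNORECASE)

def can_see(aliases, sender, recipients):
    """True if any alias matches the sender or one of the recipients."""
    patterns = [alias_to_regex(a) for a in aliases]
    return any(p.fullmatch(addr) for p in patterns for addr in [sender, *recipients])

def scope(alias):
    """Classify how much of the archive one alias opens up."""
    local, _, domain = alias.rpartition("@")
    if "*" not in alias:
        return "address"
    if local == "*":
        return "tenant" if domain == "*" else "domain"
    return "pattern"

def review(users):
    """List every wildcard alias, broadest first, for an access review."""
    order = {"tenant": 0, "domain": 1, "pattern": 2}
    hits = [(scope(a), user, a) for user, aliases in users.items()
            for a in aliases if scope(a) != "address"]
    return sorted(hits, key=lambda h: (order[h[0]], h[1], h[2]))

# Constructed sample data, using the alias forms from the examples above.
USERS = {
    "lieschen": ["lieschen.mueller@foo*.bar"],
    "klaus": ["klaus.meier@foo.bar", "lieschen.mueller@foo.bar"],
    "billing": ["rechnun*@foo.bar"],
    "domain-reader": ["*@foo.bar"],
    "everything": ["*@*"],
}

if __name__ == "__main__":
    for level, user, alias in review(USERS):
        print(f"{level:8} {user:14} {alias}")
    # The wildcard that replaces three aliases also covers other foo*.bar domains.
    print(can_see(USERS["lieschen"], "partner@example.org",
                  ["lieschen.mueller@foo-partner.bar"]))
```

Under these assumed rules, lieschen.mueller@foo*.bar also matches domains beyond the three listed, such as foo-partner.bar, so an explicit alias list is the narrower grant.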

rechtevergabe.1689928860.txt.gz · Last modified: 2023/07/21 08:41 by lwsystems