LISTSERV Maestro 11.1-3 Help Table Of Contents

Edit User Settings

This screen is used to edit the account data and the user right settings (privileges) of an account in your group.

Account Data

  • Name: Specify the account name.

  • Contact Email Address: Specify the contact address for the account here.

    The contact address is used to allow the account holder to recover from a situation where he forgot his account name and/or password. In addition, the contact address is used as the recipient address for email notifications that are sent to this account.

User Authentication

LISTSERV Maestro supports three modes of user authentication:

  • Internal Passwords: With internal passwords, user logins are validated through secure password hashes stored and maintained entirely in Maestro. Use this option if you are unable to use an external directory for user authentication.

  • Windows Active Directory: Choose this option if your users shall use their windows domain passwords for logging in to Maestro. For a user configured to use this variant of authentication, Maestro no longer stores and maintains a password or hash internally but instead performs a Kerberos V5 login on behalf of the user.

  • Standard LDAP: Choose this option if you plan to maintain user passwords in a standard LDAP directory (such as OpenLDAP). Similar to Windows Active Directory authentication, Maestro no longer stores and maintains a password or hash internally. To verify a user login, an LDAP BIND operation on behalf of the user is performed. Note: For security reasons, your LDAP server must be configured with SSL enabled, to avoid user passwords being sent over an unencrypted connection.

Using Internal Passwords

With internal passwords, a user must have a password registered in Maestro in order to log in. When configuring a user account initially with internal passwords (i.e. either during account creation or later, when switching from one of the other two authentication variants), you must supply the initial one-time password. This password is intended for the initial user login only and the user must change it directly after having logged in, to keep the actual password private to the user.

Later, when the account is already configured with internal passwords, you can use this screen to assist the user in recovering from a forgotten password. Click the Set One-Time Password link to define the password. Then send it to the user (through a secure channel of your choice), allowing another initial login with this password.

  • One-Time Password: Specify the one-time password of the account. This password overwrites any currently existing password, allowing the user to recover from a forgotten password.

  • Password Confirmation: Enter the same password as in the One-Time Password field, to confirm it and avoid typos.

Using Windows Active Directory Authentication

  • Domain Controller / Domain Name: The domain controller must be reachable from the servers running the LUI and HUB components of Maestro. An SSL setup on the domain controller is not necessary because login through the Kerberos protocol does not send user passwords over the connection.

    • With inherited settings: The domain controller and domain name which are configured for the group by the system administrator are used and quoted on the screen.

    • With custom settings: Select the "Use custom settings" choice if this user shall use a non-default domain controller and/or a non-default domain name.

  • User: The "user" part by default is created dynamically from the user account's name. If the user account name matches the given name of the user account in your Active Directory, then you do not have to supply a custom input in this field. If instead this user shall authenticate vs. a different user account in your Active Directory, then you can overwrite the default that is shown inline in the input field.

Using Standard LDAP Authentication

  • LDAP Host: This host must be reachable from the servers running the LUI and HUB components of Maestro. Standard LDAP uses unencrypted communication and also sends passwords through this insecure channel, which is why Maestro enforces an SSL setup on the LDAP host and uses the LDAPS protocol for communication.

    • With inherited settings: The LDAP host that has been configured by the system administrator for your group is used as shown on the screen.

    • With custom settings: If this user shall use a non-default LDAP host, then you have to select the "Use custom settings" choice in order to supply a custom LDAP host.

  • LDAP Entry: The LDAP Entry input already shows the value that is used by default. If this account shall use a different LDAP entry for authentication, overwrite the shown default with the custom value.

User Right Settings

  • Create New Jobs: If granted, the user is allowed to create new jobs. If not granted, the user may still be allowed to collaborate on jobs other group members have created (depending on the collaboration settings of the individual jobs).

    In addition, if this right is granted, you must also define who will be the owner of all jobs that this user creates:

    • Created jobs are owned by this user: If selected, any jobs that the user creates are automatically owned by this user. Other users in the same group may collaborate on a job, if the collaboration settings of the individual job permit.

    • Created jobs are owned by the following user: If selected, you must also select one of the user names from the drop-down menu. The list shows all users in your group (except for the edited user). The user account that is selected from the list will become the owner of all jobs that are created by the edited user. In addition, the default team collaboration settings of this owner (as defined by that user in their preferences settings) will be applied to all such jobs after creation.

      Note:The default team collaboration settings of the selected owner must include the edited user with at least one of the collaboration rights so that they are actually able to collaborate (with whatever function) on the job that they have just created.

    Note: Changes to the owner settings only apply to jobs that are created after the changes are submitted. Any jobs created previously are unaffected; they remain in the ownership of the same users as they were before.

  • Create New Reports: If granted, the user is allowed to create new reports. If not granted, then the user may still be allowed to collaborate on reports other group members have created (depending on the collaboration settings of the individual reports).

  • Administer Sender Profiles: If granted, the user can create new sender profiles and can edit and delete existing ones. If not granted, the user is still allowed to use all sender profiles other group members have created.

  • Administer Drop-Ins: If granted, then the user can create new drop-in content elements and can edit and delete existing ones. If not granted, then the user is still allowed to use all drop-in elements other group members have created.

  • Administer Content Templates: If granted, then the user can create new content templates and can edit and delete existing ones and can enable/disable existing templates. If not granted, then the user is still allowed to use all content templates other group members have created and enabled.

  • Administer Target Groups: If granted, the user can create new recipient target groups and can edit and delete existing ones.

  • Administer Subscriber Lists and Lookup Tables: If granted, the user can create new subscriber lists, list groups and lookup tables and can edit and delete existing ones.

  • View All Jobs, Reports And Subscriber Lists: If granted, the user is allowed to:

    • View all jobs in the group, even if they are owned by other group members and no specific collaboration rights have been granted.

    • Execute all reports in the group, even if they are owned by other group members and the specific "execute" right has not been granted.

    • View and download all subscriber data for all datasets in the group, even if the specific "browse subscribers" right has not been granted.

    If not granted, then the user may still be allowed to view jobs, execute reports and browse/download subscriber data for jobs, reports and datasets that are owned by other group members (depending on the individual collaboration settings).

  • Edit Suppression List Data: If granted, the user can add, edit and remove entries in the address suppression list.

  • Data Protection Officer: The user may view privacy-related subscriber data (typically through the "Email Address Data Report" available here). Using the the same report page, the user also is allowed to delete privacy-related data related to a given subscriber email address and associated with the group.

  • Edit Group-Wide Settings: If granted, the user can edit such preferences and general settings that affect all users in the group.

Click [OK] to submit your changes, [Delete] to delete the selected user account, or click in the menu bar to leave the screen without saving.

Note: It is not possible to delete your own account.

© 2002-2023 L-Soft Sweden AB. All rights reserved.