# Access control management

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2F4DqnHg1P8MYhqiIz0UMx%2Fmodule-index-page.png?alt=media&#x26;token=2868423c-a805-45ae-8773-cae46fa16c23" alt=""><figcaption><p>The module page for configuring access groups</p></figcaption></figure>

Additionally, the module allows for authentication in MikoPBX using external LDAP/AD services or simply assigning a login and password to each employee.

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2F8zLBv8cR8mR2ixJcpu65%2Fen_userManagement.png?alt=media&#x26;token=cfcad691-44c9-4953-ad70-a829d5784dcd" alt=""><figcaption><p>Assignment of access groups and authentication credentials</p></figcaption></figure>

The module also adds a new tab to the employee settings page, allowing for quick assignment of access groups or password changes directly from their profile card.

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FUNH0lyTjGFpiSnbRtaOL%2FManageAccessOnUserTab.png?alt=media&#x26;token=dfd552cc-2f6f-4528-b094-2c228338db5d" alt=""><figcaption><p>An additional tab in the employee profile card with access group configuration settings</p></figcaption></figure>

Let's consider a few common scenarios for MikoPBX access control:

### Scenario 1: Access for Multiple Administrators

1. Create an access group and enable the **Group without access restrictions** toggle.
2. Choose the home page that administrators will land on after authentication.

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FxX1IBLFxZNCMZUk9eoVp%2FEN-FullAccessGroup.png?alt=media&#x26;token=8824df8c-8987-4532-acb2-bf8d72962437" alt=""><figcaption><p>Setting up the access group for administrators</p></figcaption></figure>

Next, navigate to the "Users" tab of the access group and select the employees who will be granted permission to administer the system.

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FOWl7rPKLHFBg33wmf8S9%2FSelectUsers4Group.png?alt=media&#x26;token=c32e9dd4-5b2f-4740-b35f-3c6eede64d57" alt=""><figcaption><p>To select users for the access group</p></figcaption></figure>

### Scenario 2: Access Limited to IVR Menu Administration&#x20;

Create an access group with restricted privileges that grants access only to IVR menu administration.

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FB5RsNjWDzB4zwbOa4uQL%2FEN-CDR-Settings.png?alt=media&#x26;token=5df67a0d-c710-45a5-afcc-4c914d83beb5" alt=""><figcaption><p>Access group with IVR menu editing rights</p></figcaption></figure>

Next, go to the **Setting permissions** tab and select only the necessary rights to view and modify existing IVR menus.

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FTSxOk1Bf42D4OnLhh6et%2FOnlyIVRMenu.png?alt=media&#x26;token=09555d89-95a2-44aa-a4b7-6bfe5e3e1d6b" alt=""><figcaption><p>Detailed access control settings in MikoPBX</p></figcaption></figure>

Assign the access group to employees who will administer the IVR menus and save the access group.

### Scenario 3: Access to Call History with User Filtering&#x20;

Create an access group, disable full privileges, and grant access only to the call history section with user filtering.

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FrDMXkwiL98DsPfXumj1U%2Fen-CDR-access.png?alt=media&#x26;token=ba1dde56-9dc3-49f1-b837-274dca2a4c85" alt=""><figcaption><p>Configure access to call history in MikoPBX</p></figcaption></figure>

When selecting this section, an additional tab appears in the module settings, allowing you to configure permissions for viewing and listening to call recordings on a per-employee basis.

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2F5PouEKNosiU1TIuL9AVi%2FEN-CDR-Filter.png?alt=media&#x26;token=c56124f6-bbd9-4229-bcad-f85f0457f961" alt=""><figcaption><p>Configuring permissions for listening and viewing call recording history in MikoPBX</p></figcaption></figure>

You can select various filtering options and employees whose call recordings can be listened to by users within this access group.

### LDAP Authorization Configuration&#x20;

The module allows users to be authenticated either with a simple login-password pair or by using an external LDAP authentication server. To configure the connection with the server, navigate to the "Domain Authorization Settings" tab.

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2F3zQxx31FAXOTyXcQkkT0%2FenLdapSettings.png?alt=media&#x26;token=dd48b8ff-2353-42af-9bed-e75e5bb42ea5" alt=""><figcaption><p>Setting up access parameters for the domain controller</p></figcaption></figure>

Please provide the access parameters to your domain. If necessary, specify the parameters for the organizational unit and the filter for user accounts. Before saving, you can perform a connection data check and retrieve a list of users from the server.

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2Fal0IdyZ2D52Ky403vb8v%2FenLdapCheck.png?alt=media&#x26;token=28dd626c-1e33-4b4c-be6b-e616be2d06a8" alt=""><figcaption><p>Testing the connection with the domain controller</p></figcaption></figure>

At the end, you can enter user credentials to test the authorization and save the module settings.