Client Security

By default, all printing is automatically charged to the user's personal account. To be able to select a shared account, a user must be granted access to the account selection popup.

Figure 8.13. Selecting a shared account from the popup

Access to the account selection popup, as shown in the above figure, is controlled at the user level on the user's details page. The Show the account selection popup option needs to be selected for each user that requires access to shared accounts. System administrators might find the Bulk user actions section under the User List screen convenient for applying this change to many users.

Figure 8.14. The user's popup settings under User -> User Details

Note

It is also possible to automatically charge printing to a single shared account without the need for the popup. This can be useful in environments where a user only ever needs to charge to a single shared account, and it is not desirable to display the popup.

Important

Users need to restart their workstation (or manually restart the PaperCut client software) for this change to take effect.

Users with the Show the account selection popup option enabled need to be running the client software at all times. Print jobs will not print until the user has selected the account.

In addition to being granted access to the popup, users also need to be granted access to a shared account. Shared account access can be controlled using two methods:

If an account is allocated a PIN (an alpha-numeric access code) users with knowledge of the PIN can select the account. A PIN based system would be a sensible selection in an organization when PINs are already in use for other systems such as photocopiers or door access codes.

Tip

PINs/codes can also be used with parent and sub-accounts. To select a specific sub-account from the client software, both the parent and sub-account PINs are required. They should be entered in the format [parentPIN]-[subPIN] (i.e. they are separated by a hyphen).

An alternate method is to delegate access to the shared account via network group membership. One advantage of group-based control is that users do not have to remember PINs. Most medium to large organizations will already have their network structured into suitable groups representing their position, title, department or work area. These existing groups may be used to control access. Access to shared accounts can also be granted on an individual user basis; however, best practice suggests group-based management for medium to large networks.

Tip

In a Windows Active Directory environment, Organizational Units are treated as special groups. Hence they can also be used to control access to a shared account.

Controlling access to shared accounts via group membership rather than individual user accounts is recommended. By using group based control, new users created on the network inherit the correct account access by virtue of their network group membership. This alleviates the need for additional user setup inside PaperCut NG.

To grant access to a shared account for all members in a given network group:

  1. Log into the system as an administrator (i.e. admin account).

  2. Select the Accounts tab.

  3. Select the appropriate shared account from the list.

  4. Click on the Security tab.

  5. Select the appropriate group from the drop-down list.

  6. Click the Add button.

Figure 8.15. Setting up shared account security

Tip

Security settings of multiple shared accounts can be changed simultaneously by clicking on the Bulk account actions... link under the Accounts tab. More information is available in the section called “Bulk User Operations”.

Using account security with PIN/codes

PIN/codes provide a convenient way to select shared accounts. However, this convenience may compromise security when short or guessable PINs are used. For this reason PaperCut NG allows the user/group security to also be applied to PIN/code access. This allows sites to use convenient and short codes with confidence that only authorized users are granted access.

To enforce user/group security for PIN/code access:

  1. Log into the system as an administrator (i.e. admin account).

  2. Go to the Options tab, to the Account Options section.

  3. Change the “Access rules defined on shared account security tab apply to:” setting to “both PIN/code and selection from list”.

  4. Click the Apply button.

With this setting changed, users can only select an account using PIN/code when they:

  1. know the PIN/code; and

  2. are in the account's user/group security
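
The PIN/code rule above, modelled as a small Python function to show how the two settings differ. This is an added illustration, not PaperCut NG code: the class, the constant names, the "/" in the returned name, the sample data, and the assumption that the security list checked is that of the selected account are all hypothetical.

```python
from dataclasses import dataclass, field

# The two values of the "Access rules ... apply to" option (constant names are hypothetical).
LIST_ONLY = "selection from list"
PIN_AND_LIST = "both PIN/code and selection from list"

@dataclass
class SharedAccount:
    name: str
    pin: str = ""                              # empty: no PIN allocated
    users: set = field(default_factory=set)    # Security tab: individual users
    groups: set = field(default_factory=set)   # Security tab: network groups
    subs: list = field(default_factory=list)   # sub-accounts

def in_security_list(account, user, user_groups):
    """True if the user, or one of the user's groups, is on the account's Security tab."""
    return user in account.users or bool(account.groups & set(user_groups))

def select_by_pin(accounts, user, user_groups, code, mode):
    """Return the name of the account selected by `code`, or None if refused."""
    parent_pin, sep, sub_pin = code.partition("-")   # [parentPIN]-[subPIN]
    for parent in accounts:
        if not parent.pin or parent.pin != parent_pin:
            continue
        target = parent
        if sep:  # sub-account requested: both PINs must match
            target = next((s for s in parent.subs if s.pin and s.pin == sub_pin), None)
            if target is None:
                continue
        # Assumption: the security list checked is that of the selected account.
        if mode == PIN_AND_LIST and not in_security_list(target, user, user_groups):
            continue  # knows the PIN, but is not in the account's user/group security
        return target.name if target is parent else f"{parent.name}/{target.name}"
    return None

# Constructed sample data: a parent account with a short PIN and one sub-account.
ACCOUNTS = [
    SharedAccount("Science", pin="12", groups={"science-staff"},
                  subs=[SharedAccount("Physics", pin="7", groups={"science-staff"})]),
]

if __name__ == "__main__":
    for mode in (LIST_ONLY, PIN_AND_LIST):
        print(mode, "->", select_by_pin(ACCOUNTS, "bob", ["arts-staff"], "12", mode))
```

With the security rules applied to list selection only, anyone who knows or guesses the short PIN can charge to the account; with the setting changed, the same PIN is refused for a user outside the account's security list.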