Restrict Admin 'View Mail'

From Zimbra :: Wiki

Jump to: navigation, search

This Wiki describes how to create a 'Delegated Admin Group' with all of the 'Global Admin' rights except 'View Mail' feature.


As per ZCS 7.2 it is not possible to configure grants for global administrator, but you could use the below example steps to create a delegated admin group where the group is assigned with all the rights except "View Mail" feature, next time just create new users as delegated admins and add them to this group.


Commands to run:

  • Create Distribution list:

zmprov cdl testdl2@zcs.domain.com zimbraIsAdminGroup TRUE

  • Modify Distribution list:

zmprov mdl testdl2@zcs.domain.com zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents DLListView zimbraAdminConsoleUIComponents aliasListView zimbraAdminConsoleUIComponents resourceListView zimbraAdminConsoleUIComponents COSListView zimbraAdminConsoleUIComponents domainListView zimbraAdminConsoleUIComponents serverListView zimbraAdminConsoleUIComponents zimletListView zimbraAdminConsoleUIComponents adminZimletListView zimbraAdminConsoleUIComponents globalConfigView zimbraAdminConsoleUIComponents globalServerStatusView zimbraAdminConsoleUIComponents helpSearch zimbraAdminConsoleUIComponents saveSearch zimbraAdminConsoleUIComponents mailQueue zimbraAdminConsoleUIComponents backupsView zimbraAdminConsoleUIComponents certsView zimbraAdminConsoleUIComponents softwareUpdatesView zimbraAdminConsoleUIComponents bulkProvisionTasksView zimbraAdminConsoleUIComponents perServerStatisticsView zimbraAdminConsoleUIComponents globalPermissionView zimbraAdminConsoleUIComponents rightListView

  • Grant Rights:

zmprov grr global grp testdl2@zcs.domain.com +domainAdminRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleAliasRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleDomainRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleCOSRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleServerStatusRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleResourceRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleSoftwareUpdatesRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleServerStatisticRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleExtensionRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleBackupRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleMigrationRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleMailQueueRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleSavedSearchRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleDLRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleCertificateRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleGlobalRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleGlobalACLTabRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleServerRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleAccountRights ; zmprov grr global grp testdl2@zcs.domain.com +adminConsoleZimletRights


  • For exiting domains and also when you create new domains, you need to run below commands.

zmprov grr domain zcs.domain.com grp testdl2@zcs.domain.com +domainAdminRights ; zmprov grr domain zcs.domain.com grp testdl2@zcs.domain.com -adminLoginAs

  • When you are creating an user, you need to use below steps.

zmprov ca testuser1@zcs.domain.com test12 zimbraIsDelegatedAdminAccount TRUE ; zmprov adlm testdl@zcs.domain.com testuser1@zcs.domain.com

  • To flush the cache run the below command:

zmprov fc all


RFE for ZCS 8

http://bugzilla.zimbra.com/show_bug.cgi?id=54120

Make "View Mail" feature in the Admin Console as an admin extension

Personal tools