Ajcody-How-To-Setup-sendAs-Right-And-Persona-For-Internal-Users: Difference between revisions
Line 126: | Line 126: | ||
You should also be able to setup a persona under 2-sendas@ for the 1-sendas@test.com email address. | You should also be able to setup a persona under 2-sendas@ for the 1-sendas@test.com email address. | ||
=====View Of The SendAs Right To 2-sendas@ For The 1-sendas@ Account In 1-sendas@ ZWC Preferences===== | |||
You can see the sendAs rights that an account have given or been set for in the users Preferences > Accounts - "The following users have delegated authority to this account" area in ZWC. The user can also add the sendAs rights here : | |||
[[File:1-sendas_User_Grants_To_2-sendas_in_ZWC_Preferences.png|Left]] | |||
=====View Of The SendAs Right To 2-sendas@ For The 1-sendas@ Account In The Admin Console===== | =====View Of The SendAs Right To 2-sendas@ For The 1-sendas@ Account In The Admin Console===== |
Revision as of 21:20, 23 November 2013
Article Information |
---|
This article applies to the following ZCS versions. |
How To Setup A sendAs Right and Persona For Internal Users
The following How-to only applies to ZCS 8 and greater
Actual How To Setup A sendAs Right and Persona For Internal Users Home Page
Please see: Ajcody-To-Setup-sendAs-Right-And-Persona-For-Internal-Users
Changes In ZCS8+ For zimbraAllowFromAddress and Persona's
Prior to ZCS 8, one would use the zimbraAllowFromAddress variable to allow one user the means to send as another user. This variable in ZCS 8+ only applies when setting the variable for external users now, it no longer allows internal users or distribution lists [DL's]. If you try to add an internal user or DL to zimbraAllowFromAddress, you'll see an error like:
zmprov ma 11@test.com zimbraAllowFromAddress 12@test.com ERROR: service.INVALID_REQUEST (invalid request: zimbraAllowFromAddress may not contain an internal account: 12@test.com)
With ZCS 8.0 and above, there is an upgrade script that will migrate internal users and DL's that are set in zimbraAllowFromAddress to become sendAs rights and also within the zimbraPrefAllowAddressForDelegatedSender variables. This is mentioned in the Release Notes and in the following bug:
- "zimbraAllowFromAddress pref should exclude internal accounts"
- http://bugzilla.zimbra.com/show_bug.cgi?id=66387
- Please see Release Notes about doing this upgrade via the command : zmldapupgrade -b 66387
- Any internal account or distribution list address listed in zimbraAllowFromAddress attribute is converted to a grant of sendAs (for account) or sendAsDistList (for DL) right from the named account or DL. The address is added to the zimbraPrefAllowAddressForDelegatedSender attribute of the granting account/DL.
- http://bugzilla.zimbra.com/show_bug.cgi?id=66387
Warning - Must Reload Browsers To See Changes When Changing Rights
When you make changes that effects the rights the account has, they will not automatically show up in the user's ZWC session. You must reload the browser session - either by doing a logout/login or by "refreshing" the browser. Refreshing the browser might require it's "Refresh" that it offers or by clicking in the URL field and hitting enter.
Creating Initial Test Accounts
Login as the zimbra user:
su - zimbra
Create Two Test Accounts :
[zimbra@]$ zmprov ca 1-sendas@test.com STRONG_PASSWORD 9c16e165-09f0-4155-92e6-59df3a9f4609 [zimbra@]$ zmprov ca 2-sendas@test.com STRONG_PASSWORD 8690ce69-d2e0-4ab0-83e8-040f88c290c3
Create An Alias For The Account 1-sendas@
Create An Alias For One Of Our Users:
[zimbra@]$ zmprov aaa 1-sendas@test.com 1-sendas-alias@test.com
Configuring The Primary User Account - 1-sendas@ - To Use The Alias - 1-sendas-alias@ - Setup A Persona
Login to ZWC as the user [1-sendas@test.com] either directly or by the admin consoles "View Mail" option. You should notice that the alias is not available as an option to select in the From field and that you don't have a drop down to change the From field. This is because the alias was just setup to be used for email redirection when we did it above. To allow the user to send email also as the alias, you can setup a Persona to show this option in the From field.
- Click Add Persona
- Persona Name = 1-sendas-alias
- From: set to 1-sendas-alias@test.com
- Reply-to: set to 1-sendas-alias@test.com
- Use this persona: When replying or forwarding messages sent to: 1-sendas-alias@test.com
- Click the Save button at the upper left.
Now reload/refresh the browse to see changes. When you compose a new message now, you should see the alias as an option from the drop down box that's offered from the From field.
If the option is not there, log out of ZWC and log back in.
Granting The SendAs Right To 2-sendas@ For The 1-sendas@ Account
This section will grant 2-sendas@ to send messages as 1-sendas@ .
First, grant the right to 2-sendas@ for the 1-sendas@ account [option 1]:
[zimbra@]$ zmmailbox -z -m 1-sendas@test.com grr account 2-sendas@test.com sendAs granted: account 2-sendas@test.com sendAs
Or you can grant the right to 2-sendas@ for the 1-sendas@ account [option 2]:
[zimbra@]$ zmprov grr account 1-sendas@test.com usr 2-sendas@test.com sendAs
To confirm the grants that 1-sendas@ has allowed, do:
[zimbra@zcs804 ~]$ zmprov gg -t account 1-sendas@test.com target type target id target name grantee type grantee id grantee name right ------------ ------------------------------------ ----------------- ------------ ------------------------------------ ----------------- ------ account 55a3d686-bd61-4608-a4a3-0027f5aee6ff 1-sendas@test.com usr fb316632-35c7-4038-9b78-56f2ed8e9823 2-sendas@test.com sendAs
To confirm 2-sendas@ can send as 1-sendas@ , log into ZWC with the 2-sendas@ account or reload the browser session if you were already logged in as 2-sendas@. You should now see the following when you compose a new message:
You should also be able to setup a persona under 2-sendas@ for the 1-sendas@test.com email address.
View Of The SendAs Right To 2-sendas@ For The 1-sendas@ Account In 1-sendas@ ZWC Preferences
You can see the sendAs rights that an account have given or been set for in the users Preferences > Accounts - "The following users have delegated authority to this account" area in ZWC. The user can also add the sendAs rights here :
View Of The SendAs Right To 2-sendas@ For The 1-sendas@ Account In The Admin Console
A screen shot of the admin console of the changes we made above via the CLI
Granting The SendAs Right To 2-sendas@ For The 1-sendas@ Account's Alias 1-sendas-alias@ Address
If an account has multiple addresses it needs to share out, these additional steps are necessary for the accounts that are NOT its primary email address - for example, an alias.
First, when adding these additional accounts, you DO NOT set the grant like you did to the primary email address of the account. Attempting to use the alias, for example, will not work.
[zimbra@]$ zmmailbox -z -m 1-sendas-alias@test.com grr account 2-sendas@test.com sendAs granted no right
No right was granted above because grants are actually set to the primary account, not the alias.
Another key point to remember when an account needs to grant any of the sendAs rights for multiple email addresses it manages [aliases for example], it must also set ALL of its sendAs addresses in the zimbraPrefAllowAddressForDelegatedSender variable. If an account is only granting the sendAs rights to its primary email address, then this variable will be blank by default and can be left blank. Example of the value prior to setting the sendAs grant will look like:
[zimbra@]$ zmprov ga 1-sendas@test.com zimbraPrefAllowAddressForDelegatedSender # name 1-sendas@test.com
Remember, we have already granted 2-sendas@test.com sendAs rights to 1-sendas@test.com in our prior steps and confirm 2-sendas@ can send emails as 1-sendas@ .
To include the additional email address that 1-sendas@ has for 2-sendas@ to send messages as, do the following.
Set the primary email address in the zimbraPrefAllowAddressForDelegatedSender value:
zmprov ma 1-sendas@test.com +zimbraPrefAllowAddressForDelegatedSender 1-sendas@test.com
Now add the alias also:
zmprov ma 1-sendas@test.com +zimbraPrefAllowAddressForDelegatedSender 1-sendas-alias@test.com
Confirm the changes:
[zimbra@]$ zmprov ga 1-sendas@test.com zimbraPrefAllowAddressForDelegatedSender # name 1-sendas@test.com zimbraPrefAllowAddressForDelegatedSender: 1-sendas-alias@test.com zimbraPrefAllowAddressForDelegatedSender: 1-sendas@test.com
Reload the browser session for 2-sendas@ and you'll now see:
Only Seeing The Alias 1-sendas-alias@ For 1-sendas@ As An Option For 2-sendas@
If you did not include the primary email address of the account in the zimbraPrefAllowAddressForDelegatedSender but later added another email address it has, an alias for example, the accounts that were granted the sendAs right will only then see the alias email address when they try to sendAs that user. For example, if you did:
[zimbra@]$ zmprov ma 1-sendas@test.com +zimbraPrefAllowAddressForDelegatedSender 1-sendas-alias@test.com
And the current value then showed:
[zimbra@]$ zmprov ga 1-sendas@test.com zimbraPrefAllowAddressForDelegatedSender # name 1-sendas@test.com zimbraPrefAllowAddressForDelegatedSender: 1-sendas-alias@test.com
The only option the 2-sendas@ account you get would be for 1-sendas-alias@test.com . For example:
To correct this, you will need to add the primary address to the zimbraPrefAllowAddressForDelegatedSender and the 2-sendas@ users would need to reload the browser to then see both 1-sendas@test.com and 1-sendas-alias@test.com .
[zimbra@]$ zmprov ma 1-sendas@test.com +zimbraPrefAllowAddressForDelegatedSender 1-sendas@test.com
Confirm the change:
[zimbra@]$ zmprov ga 1-sendas@test.com zimbraPrefAllowAddressForDelegatedSender # name 1-sendas@test.com zimbraPrefAllowAddressForDelegatedSender: 1-sendas-alias@test.com zimbraPrefAllowAddressForDelegatedSender: 1-sendas@test.com
Reload the browser session for 2-sendas@ and you'll now see: