Steps to export grants n views of a delegated admin and create a new delegated admin with same grants and views: Difference between revisions

(Created page with "=== <h1>Steps_to_export_grants_n_views_of_a_delegated_admin_and_create_a_new_delegated_admin_with_same_grants_and_views</h1> === <hr> <br> <h2>Problem: </h2> <p>Export grants...")
 
No edit summary
(3 intermediate revisions by one other user not shown)
Line 1: Line 1:
=== <h1>Steps_to_export_grants_n_views_of_a_delegated_admin_and_create_a_new_delegated_admin_with_same_grants_and_views</h1> ===
{{BC|Certified}}
__FORCETOC__
<div class="col-md-12 ibox-content">
=Export grants & views of a delegated admin and create a new delegated admin with same grants & views=  
<hr>
<hr>
<br>
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|{{ZCS 8.5}}|}}
{{WIP}} 
 
====Problem====
 
Export grants & views of a delegated admin and create a new delegated admin with the same grants & views


<h2>Problem: </h2>
====Solution====
<p>Export grants and views of a delegated/domain admin and create a new delegated admin with same grants and views..</p>


<h2>Solution:</h2>
'''Note:''' '''This is only applicable for legacy admin module and does not apply for Zimbra NG module.'''


Here we have an existing delegated admin '''"myadmin@DOMAIN.COM"''' and we will create a new delegated admin ''''"newadmin@DOMAIN.COM"''' with same views and grants.<br>
Here we have an existing delegated admin '''"myadmin@DOMAIN.COM"''' and we will create a new delegated admin ''''"newadmin@DOMAIN.COM"''' with the same views and grants.


'''1)'''.  Check enabled views of existing delegated admin:-
'''1)'''.  Check enabled views of existing delegated admin:-
zmprov -l ga myadmin@DOMAIN.COM | egrep -i 'zimbraAdminConsoleUIComponents|zimbraIsDelegatedAdminAccount:'
Output:-
zimbraAdminConsoleUIComponents: accountListView
zimbraAdminConsoleUIComponents: downloadsView
zimbraAdminConsoleUIComponents: DLListView
zimbraAdminConsoleUIComponents: aliasListView
zimbraAdminConsoleUIComponents: resourceListView
zimbraAdminConsoleUIComponents: saveSearch
zimbraIsDelegatedAdminAccount: TRUE


<pre>zmprov -l ga myadmin@DOMAIN.COM | egrep -i 'zimbraAdminConsoleUIComponents|zimbraIsDelegatedAdminAccount:'</pre>
<pre>Output:-
zimbraAdminConsoleUIComponents: accountListView
zimbraAdminConsoleUIComponents: downloadsView
zimbraAdminConsoleUIComponents: DLListView
zimbraAdminConsoleUIComponents: aliasListView
zimbraAdminConsoleUIComponents: resourceListView
zimbraAdminConsoleUIComponents: saveSearch
zimbraIsDelegatedAdminAccount: TRUE</pre>


'''2)'''.  Check or export assigned rights of the delegated admin :-  
'''2)'''.  Check or export assigned rights of the delegated admin :-  
<pre>zmprov gg -g usr myadmin@DOMAIN.COM</pre>
zmprov gg -g usr myadmin@DOMAIN.COM  
 
Output:-
Output:-
     target type  target id                            target name        grantee type grantee id                          grantee name      right
     target type  target id                            target name        grantee type grantee id                          grantee name      right
Line 31: Line 40:
     domain      1ccb92be-56cc-4962-b964-b07af84dc118 DOMAIN.COM        usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminConsoleRights
     domain      1ccb92be-56cc-4962-b964-b07af84dc118 DOMAIN.COM        usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminConsoleRights


'''3)'''.    Now we have to fine tune above output for new admin.


<pre>global usr myadmin@DOMAIN.COM adminLoginCalendarResourceAs
'''3)'''.    Now we have to fine tune above output for a new admin.
global usr myadmin@DOMAIN.COM domainAdminZimletRights
 
domain DOMAIN.COM usr myadmin@DOMAIN.COM domainAdminConsoleRights </pre>
global usr myadmin@DOMAIN.COM adminLoginCalendarResourceAs
global usr myadmin@DOMAIN.COM domainAdminZimletRights
domain DOMAIN.COM usr myadmin@DOMAIN.COM domainAdminConsoleRights  


'''4)'''.    Create a file "/tmp/grants.txt" with the exported grants and replace old admin name with new delegated admin.
Prepare exported grant file for new delegated admin (newadmin@DOMAIN.COM).  File must have grants in following format:- 


<pre>grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
'''4)'''.    Create a file "/tmp/grants.txt" with the exported grants and replace old admin name with new delegated admin.<br>  
grr global usr newadmin@DOMAIN.COM domainAdminZimletRights
Prepare exported grant file for new delegated admin (newadmin@DOMAIN.COM). The file must have grants in the following format:- 
grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights</pre>


'''5)'''.   Now we will create new delegated admin with same views as existing admin has: -
grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
grr global usr newadmin@DOMAIN.COM domainAdminZimletRights
grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights


<pre>zmprov ca newadmin@DOMAIN.COM PASSWORD zimbraIsDelegatedAdminAccount TRUE zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents downloadsView zimbraAdminConsoleUIComponents DLListView zimbraAdminConsoleUIComponents aliasListView zimbraAdminConsoleUIComponents resourceListView zimbraAdminConsoleUIComponents saveSearch
</pre>


'''6)'''.    Here we will assign grants from prepared file in Step4:-  
'''5)'''.    Now we will create a new delegated admin with the same views as existing admin has: -


<pre>zmprov < /tmp/grants.txt
zmprov ca newadmin@DOMAIN.COM <PASSWORD> zimbraIsDelegatedAdminAccount TRUE zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents downloadsView zimbraAdminConsoleUIComponents DLListView zimbraAdminConsoleUIComponents aliasListView zimbraAdminConsoleUIComponents resourceListView zimbraAdminConsoleUIComponents saveSearch
</pre>


'''7)'''.    Now check grants of newly created delegated admin, output of below command must be similar as output of Step2:-


<pre>zmprov gg -g usr newadmin@DOMAIN.COM</pre>
'''6)'''.    Here we will assign grants from the prepared file in Step4:-  


Some additional tips for those admins who loves to play with sed and awk:-  
zmprov < /tmp/grants.txt
=================================================================================================
 
Here we are exporting and redirecting grants to a file, and preparing grants for new delegated admin.     
 
'''Note''': These steps are only for domain and global level grants. If there are other level grants assigned to delegated admin then use "awk" carefully to extract correct column.
'''7)'''.    Now check grants of newly created delegated admin, the output of below command must be similar to the output of Step2:-
 
zmprov gg -g usr newadmin@DOMAIN.COM
 
<br>
<br>
<br>
=== Extra Notes: ===
Some additional tips for those admins who loves to play with sed and awk:-<br>
 
Here we are exporting and redirecting grants to a file, and preparing grants for new delegated admin.<br>    
<code>'''NOTE''': These steps are only for Domain and Global level grants. If there are other level grants assigned to delegated admin then use "awk" carefully to extract correct column.</code>
 
zmprov gg -g usr myadmin@DOMAIN.COM | grep ^global | awk '{print $1,$3,$5,$6}'  >> /tmp/grants.txt
zmprov gg -g usr myadmin@DOMAIN.COM | grep ^domain | awk '{print $1,$3,$4,$6,$7}'  >> /tmp/grants.txt
 
Check the content of the file "/tmp/grants.txt" and the output will look like the following:-
 
cat /tmp/grants.txt
global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
global usr newadmin@DOMAIN.COM domainAdminZimletRights
domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights


<pre>$ zmprov gg -g usr myadmin@DOMAIN.COM | grep ^global | awk '{print $1 " " $3 " " $5 " " $6}'  >> /tmp/grants.txt
$ zmprov gg -g usr myadmin@DOMAIN.COM | grep ^domain | awk '{print $1 " " $3 " " $4 " " $6 " " $7}'  >> /tmp/grants.txt
</pre>
Check content of file "/tmp/grants.txt" and the output will be look like following:-
<pre>
$ cat /tmp/grants.txt
global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
global usr newadmin@DOMAIN.COM domainAdminZimletRights
domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights</pre>
Add "grr" at the beginning of each line:-  
Add "grr" at the beginning of each line:-  
<pre>$ sed -i 's/^/grr /' /tmp/grants.txt</pre> 
sed -i 's/^/grr /' /tmp/grants.txt  
 
Now file will show content in following format:-  
Now file will show content in following format:-  
<pre>$ cat /tmp/grants.txt  
cat /tmp/grants.txt  
grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
grr global usr newadmin@DOMAIN.COM domainAdminZimletRights
grr global usr newadmin@DOMAIN.COM domainAdminZimletRights
grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights</pre>
grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights  
Now replace old delegated admin email-id with new delegated admin:-  
 
<pre>sed -i 's/myadmin@DOMAIN.COM/newadmin@DOMAIN.COM/' /tmp/grants.txt</pre>
Replace old delegated admin email-id with new delegated admin:-  
=================================================================================================
sed -i 's/myadmin@DOMAIN.COM/newadmin@DOMAIN.COM/' /tmp/grants.txt  


Now we will assign grants to new delegated admin with prepared file ''/tmp/grants.txt''
zmprov < /tmp/grants.txt




Regards,<br>
{{Article Footer|ZCS 8.8, 8.7, 8.6, 8.5|2018-08-13}}
Heera Singh Koranga

Revision as of 12:44, 13 August 2018

  1. Zimbra Tech Center
  2. Certified
  3. Steps to export grants n views of a delegated admin and create a new delegated admin with same grants and views

Export grants & views of a delegated admin and create a new delegated admin with same grants & views

   KB 23341        Last updated on 2018-08-13  




0.00
(0 votes)


Problem

Export grants & views of a delegated admin and create a new delegated admin with the same grants & views

Solution

Note: This is only applicable for legacy admin module and does not apply for Zimbra NG module.

Here we have an existing delegated admin "myadmin@DOMAIN.COM" and we will create a new delegated admin '"newadmin@DOMAIN.COM" with the same views and grants.

1). Check enabled views of existing delegated admin:- 

zmprov -l ga myadmin@DOMAIN.COM | egrep -i 'zimbraAdminConsoleUIComponents|zimbraIsDelegatedAdminAccount:'

Output:- 

zimbraAdminConsoleUIComponents: accountListView
zimbraAdminConsoleUIComponents: downloadsView
zimbraAdminConsoleUIComponents: DLListView
zimbraAdminConsoleUIComponents: aliasListView
zimbraAdminConsoleUIComponents: resourceListView
zimbraAdminConsoleUIComponents: saveSearch
zimbraIsDelegatedAdminAccount: TRUE


2). Check or export assigned rights of the delegated admin :- 

zmprov gg -g usr myadmin@DOMAIN.COM

Output:- 

    target type  target id                            target name        grantee type grantee id                           grantee name       right
    ------------ ------------------------------------ ------------------ ------------ ------------------------------------ ------------------ --------------------
    global                                            globalacltarget    usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM adminLoginCalendarResourceAs
    global                                            globalacltarget    usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminZimletRights
    domain       1ccb92be-56cc-4962-b964-b07af84dc118 DOMAIN.COM         usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminConsoleRights


3). Now we have to fine tune above output for a new admin. 

global usr myadmin@DOMAIN.COM adminLoginCalendarResourceAs
global usr myadmin@DOMAIN.COM domainAdminZimletRights
domain DOMAIN.COM usr myadmin@DOMAIN.COM domainAdminConsoleRights


4). Create a file "/tmp/grants.txt" with the exported grants and replace old admin name with new delegated admin.
Prepare exported grant file for new delegated admin (newadmin@DOMAIN.COM). The file must have grants in the following format:- 

grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
grr global usr newadmin@DOMAIN.COM domainAdminZimletRights 
grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights


5). Now we will create a new delegated admin with the same views as existing admin has: - 

zmprov ca newadmin@DOMAIN.COM <PASSWORD> zimbraIsDelegatedAdminAccount TRUE zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents downloadsView zimbraAdminConsoleUIComponents DLListView zimbraAdminConsoleUIComponents aliasListView zimbraAdminConsoleUIComponents resourceListView zimbraAdminConsoleUIComponents saveSearch


6). Here we will assign grants from the prepared file in Step4:- 

zmprov < /tmp/grants.txt


7). Now check grants of newly created delegated admin, the output of below command must be similar to the output of Step2:- 

zmprov gg -g usr newadmin@DOMAIN.COM




Extra Notes:

Some additional tips for those admins who loves to play with sed and awk:-

Here we are exporting and redirecting grants to a file, and preparing grants for new delegated admin.
NOTE: These steps are only for Domain and Global level grants. If there are other level grants assigned to delegated admin then use "awk" carefully to extract correct column. 

zmprov gg -g usr myadmin@DOMAIN.COM | grep ^global | awk '{print $1,$3,$5,$6}'  >> /tmp/grants.txt
zmprov gg -g usr myadmin@DOMAIN.COM | grep ^domain | awk '{print $1,$3,$4,$6,$7}'  >> /tmp/grants.txt

Check the content of the file "/tmp/grants.txt" and the output will look like the following:- 

cat /tmp/grants.txt 
global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
global usr newadmin@DOMAIN.COM domainAdminZimletRights
domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights

Add "grr" at the beginning of each line:- 

sed -i 's/^/grr /' /tmp/grants.txt

Now file will show content in following format:- 

cat /tmp/grants.txt 
grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
grr global usr newadmin@DOMAIN.COM domainAdminZimletRights
grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights

Replace old delegated admin email-id with new delegated admin:- 

sed -i 's/myadmin@DOMAIN.COM/newadmin@DOMAIN.COM/' /tmp/grants.txt

Now we will assign grants to new delegated admin with prepared file /tmp/grants.txt 

zmprov < /tmp/grants.txt


Verified Against: ZCS 8.8, 8.7, 8.6, 8.5 Date Created: 2018-08-13
Article ID: https://wiki.zimbra.com/index.php?title=Steps_to_export_grants_n_views_of_a_delegated_admin_and_create_a_new_delegated_admin_with_same_grants_and_views Date Modified: 2018-08-13



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Other help Resources

User Help Page »
Official Forums »
Zimbra Documentation Page »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Retrieved from "http://wiki.zimbra.com/index.php?title=Steps_to_export_grants_n_views_of_a_delegated_admin_and_create_a_new_delegated_admin_with_same_grants_and_views&oldid=65662"
Jump to: navigation, search