Difference between revisions of "Steps to export grants n views of a delegated admin and create a new delegated admin with same grants and views"

(Created page with "=== <h1>Steps_to_export_grants_n_views_of_a_delegated_admin_and_create_a_new_delegated_admin_with_same_grants_and_views</h1> === <hr> <br> <h2>Problem: </h2> <p>Export grants...")
 
Line 1: Line 1:
=== <h1>Steps_to_export_grants_n_views_of_a_delegated_admin_and_create_a_new_delegated_admin_with_same_grants_and_views</h1> ===
+
=== <h1>Export grants & views of a delegated admin and create a new delegated admin with same grants & views</h1> ===
 
<hr>
 
<hr>
 
<br>
 
<br>
 
<h2>Problem: </h2>
 
<p>Export grants and views of a delegated/domain admin and create a new delegated admin with same grants and views..</p>
 
  
 
<h2>Solution:</h2>
 
<h2>Solution:</h2>
Line 11: Line 8:
  
 
'''1)'''.  Check enabled views of existing delegated admin:-
 
'''1)'''.  Check enabled views of existing delegated admin:-
 +
zmprov -l ga myadmin@DOMAIN.COM | egrep -i 'zimbraAdminConsoleUIComponents|zimbraIsDelegatedAdminAccount:'
 +
 +
Output:-
 +
zimbraAdminConsoleUIComponents: accountListView
 +
zimbraAdminConsoleUIComponents: downloadsView
 +
zimbraAdminConsoleUIComponents: DLListView
 +
zimbraAdminConsoleUIComponents: aliasListView
 +
zimbraAdminConsoleUIComponents: resourceListView
 +
zimbraAdminConsoleUIComponents: saveSearch
 +
zimbraIsDelegatedAdminAccount: TRUE
  
<pre>zmprov -l ga myadmin@DOMAIN.COM | egrep -i 'zimbraAdminConsoleUIComponents|zimbraIsDelegatedAdminAccount:'</pre>
 
<pre>Output:-
 
zimbraAdminConsoleUIComponents: accountListView
 
zimbraAdminConsoleUIComponents: downloadsView
 
zimbraAdminConsoleUIComponents: DLListView
 
zimbraAdminConsoleUIComponents: aliasListView
 
zimbraAdminConsoleUIComponents: resourceListView
 
zimbraAdminConsoleUIComponents: saveSearch
 
zimbraIsDelegatedAdminAccount: TRUE</pre>
 
  
 
'''2)'''.  Check or export assigned rights of the delegated admin :-  
 
'''2)'''.  Check or export assigned rights of the delegated admin :-  
<pre>zmprov gg -g usr myadmin@DOMAIN.COM</pre>
+
zmprov gg -g usr myadmin@DOMAIN.COM  
 +
 
 
Output:-
 
Output:-
 
     target type  target id                            target name        grantee type grantee id                          grantee name      right
 
     target type  target id                            target name        grantee type grantee id                          grantee name      right
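Review bot: In step 1, the egrep pattern 'zimbraAdminConsoleUIComponents|zimbraIsDelegatedAdminAccount:' is unanchored and carries the colon on the second alternative only, so with -i it matches any line that contains the first string anywhere. Suggest anchoring both attribute names, for example egrep '^(zimbraAdminConsoleUIComponents|zimbraIsDelegatedAdminAccount):', so that only these two attributes are listed.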
Line 30: Line 29:
 
     global                                            globalacltarget    usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminZimletRights
 
     global                                            globalacltarget    usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminZimletRights
 
     domain      1ccb92be-56cc-4962-b964-b07af84dc118 DOMAIN.COM        usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminConsoleRights
 
     domain      1ccb92be-56cc-4962-b964-b07af84dc118 DOMAIN.COM        usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminConsoleRights
 +
  
 
'''3)'''.    Now we have to fine tune above output for new admin.  
 
'''3)'''.    Now we have to fine tune above output for new admin.  
  
<pre>global usr myadmin@DOMAIN.COM adminLoginCalendarResourceAs
+
global usr myadmin@DOMAIN.COM adminLoginCalendarResourceAs
global usr myadmin@DOMAIN.COM domainAdminZimletRights
+
global usr myadmin@DOMAIN.COM domainAdminZimletRights
domain DOMAIN.COM usr myadmin@DOMAIN.COM domainAdminConsoleRights </pre>
+
domain DOMAIN.COM usr myadmin@DOMAIN.COM domainAdminConsoleRights  
 +
 
  
'''4)'''.    Create a file "/tmp/grants.txt" with the exported grants and replace old admin name with new delegated admin.  
+
'''4)'''.    Create a file "/tmp/grants.txt" with the exported grants and replace old admin name with new delegated admin.<br>
 
Prepare exported grant file for new delegated admin (newadmin@DOMAIN.COM).  File must have grants in following format:-   
 
Prepare exported grant file for new delegated admin (newadmin@DOMAIN.COM).  File must have grants in following format:-   
  
<pre>grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
+
grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
grr global usr newadmin@DOMAIN.COM domainAdminZimletRights  
+
grr global usr newadmin@DOMAIN.COM domainAdminZimletRights  
grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights</pre>
+
grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights  
 +
 
  
 
'''5)'''.    Now we will create new delegated admin with same views as existing admin has: -
 
'''5)'''.    Now we will create new delegated admin with same views as existing admin has: -
  
<pre>zmprov ca newadmin@DOMAIN.COM PASSWORD zimbraIsDelegatedAdminAccount TRUE zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents downloadsView zimbraAdminConsoleUIComponents DLListView zimbraAdminConsoleUIComponents aliasListView zimbraAdminConsoleUIComponents resourceListView zimbraAdminConsoleUIComponents saveSearch
+
zmprov ca newadmin@DOMAIN.COM <PASSWORD> zimbraIsDelegatedAdminAccount TRUE zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents downloadsView zimbraAdminConsoleUIComponents DLListView zimbraAdminConsoleUIComponents aliasListView zimbraAdminConsoleUIComponents resourceListView zimbraAdminConsoleUIComponents saveSearch
</pre>
+
 
  
 
'''6)'''.    Here we will assign grants from prepared file in Step4:-  
 
'''6)'''.    Here we will assign grants from prepared file in Step4:-  
  
<pre>zmprov < /tmp/grants.txt  
+
zmprov < /tmp/grants.txt  
</pre>
+
 
  
 
'''7)'''.    Now check grants of newly created delegated admin, output of below command must be similar as output of Step2:-  
 
'''7)'''.    Now check grants of newly created delegated admin, output of below command must be similar as output of Step2:-  
  
<pre>zmprov gg -g usr newadmin@DOMAIN.COM</pre>
+
zmprov gg -g usr newadmin@DOMAIN.COM  
  
Some additional tips for those admins who loves to play with sed and awk:-  
+
<br>
=================================================================================================
+
<br>
Here we are exporting and redirecting grants to a file, and preparing grants for new delegated admin.     
+
<br>
'''Note''': These steps are only for domain and global level grants. If there are other level grants assigned to delegated admin then use "awk" carefully to extract correct column.
+
=== Extra Notes ===
 +
<br>
 +
Some additional tips for those admins who loves to play with sed and awk:-<br>
 +
 
 +
Here we are exporting and redirecting grants to a file, and preparing grants for new delegated admin.<br>    
 +
'''NOTE''': These steps are only for Domain and Global level grants. If there are other level grants assigned to delegated admin then use "awk" carefully to extract correct column.  
 +
 
 +
zmprov gg -g usr myadmin@DOMAIN.COM | grep ^global | awk '{print $1,$3,$5,$6}'  >> /tmp/grants.txt
 +
zmprov gg -g usr myadmin@DOMAIN.COM | grep ^domain | awk '{print $1,$3,$4,$6,$7}'  >> /tmp/grants.txt
  
<pre>$ zmprov gg -g usr myadmin@DOMAIN.COM | grep ^global | awk '{print $1 " " $3 " " $5 " " $6}'  >> /tmp/grants.txt
 
$ zmprov gg -g usr myadmin@DOMAIN.COM | grep ^domain | awk '{print $1 " " $3 " " $4 " " $6 " " $7}'  >> /tmp/grants.txt
 
</pre>
 
 
Check content of file "/tmp/grants.txt" and the output will be look like following:-
 
Check content of file "/tmp/grants.txt" and the output will be look like following:-
<pre>
+
 
  $ cat /tmp/grants.txt  
+
  cat /tmp/grants.txt  
global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
+
global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
global usr newadmin@DOMAIN.COM domainAdminZimletRights
+
global usr newadmin@DOMAIN.COM domainAdminZimletRights
domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights</pre>
+
domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights  
 +
 
 
Add "grr" at the beginning of each line:-  
 
Add "grr" at the beginning of each line:-  
<pre>$ sed -i 's/^/grr /' /tmp/grants.txt</pre> 
+
sed -i 's/^/grr /' /tmp/grants.txt  
 +
 
 
Now file will show content in following format:-  
 
Now file will show content in following format:-  
<pre>$ cat /tmp/grants.txt  
+
cat /tmp/grants.txt  
grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
+
grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
grr global usr newadmin@DOMAIN.COM domainAdminZimletRights
+
grr global usr newadmin@DOMAIN.COM domainAdminZimletRights
grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights</pre>
+
grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights  
Now replace old delegated admin email-id with new delegated admin:-  
+
 
<pre>sed -i 's/myadmin@DOMAIN.COM/newadmin@DOMAIN.COM/' /tmp/grants.txt</pre>
+
Replace old delegated admin email-id with new delegated admin:-  
=================================================================================================
+
sed -i 's/myadmin@DOMAIN.COM/newadmin@DOMAIN.COM/' /tmp/grants.txt  
 +
 
 +
Now we will assign grants to new delegated admin with prepared file ''/tmp/grants.txt''
 +
zmprov < /tmp/grants.txt
  
  
  
Regards,<br>
+
Submitted by:  Heera Singh Koranga
Heera Singh Koranga
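Review bot: In Extra Notes, both awk pipelines append with >> to the fixed path /tmp/grants.txt, and that file is later run with zmprov < /tmp/grants.txt, so any lines already in the file (left by an earlier run, or written by another local user, since /tmp is shared) would be executed as zmprov commands as well. Suggest creating the file with mktemp, writing the first pipeline with > instead of >>, and reviewing the file before feeding it to zmprov. The two sample cat /tmp/grants.txt listings also show newadmin@DOMAIN.COM before the sed replacement step has run; at that point the file would still contain myadmin@DOMAIN.COM.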
 

Revision as of 15:24, 20 August 2017

Export grants & views of a delegated admin and create a new delegated admin with same grants & views



Solution:

Here we have an existing delegated admin "myadmin@DOMAIN.COM", and we will create a new delegated admin "newadmin@DOMAIN.COM" with the same views and grants.

1). Check enabled views of existing delegated admin:-

zmprov -l ga myadmin@DOMAIN.COM | egrep -i 'zimbraAdminConsoleUIComponents|zimbraIsDelegatedAdminAccount:' 

Output:-

zimbraAdminConsoleUIComponents: accountListView
zimbraAdminConsoleUIComponents: downloadsView
zimbraAdminConsoleUIComponents: DLListView
zimbraAdminConsoleUIComponents: aliasListView
zimbraAdminConsoleUIComponents: resourceListView
zimbraAdminConsoleUIComponents: saveSearch
zimbraIsDelegatedAdminAccount: TRUE 


2). Check or export assigned rights of the delegated admin :-

zmprov gg -g usr myadmin@DOMAIN.COM 

Output:-

    target type  target id                            target name        grantee type grantee id                           grantee name       right
    ------------ ------------------------------------ ------------------ ------------ ------------------------------------ ------------------ --------------------
    global                                            globalacltarget    usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM adminLoginCalendarResourceAs
    global                                            globalacltarget    usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminZimletRights
    domain       1ccb92be-56cc-4962-b964-b07af84dc118 DOMAIN.COM         usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminConsoleRights


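3). Now we have to fine-tune the above output for the new admin, keeping only the target type, the target name (for domain-level grants), the grantee type, the grantee name and the right:-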

global usr myadmin@DOMAIN.COM adminLoginCalendarResourceAs
global usr myadmin@DOMAIN.COM domainAdminZimletRights
domain DOMAIN.COM usr myadmin@DOMAIN.COM domainAdminConsoleRights 


4). Create a file "/tmp/grants.txt" with the exported grants and replace the old admin name with the new delegated admin.
Prepare the exported grant file for the new delegated admin (newadmin@DOMAIN.COM). The file must have the grants in the following format:-

grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
grr global usr newadmin@DOMAIN.COM domainAdminZimletRights 
grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights 


5). Now we will create the new delegated admin with the same views as the existing admin:-

zmprov ca newadmin@DOMAIN.COM <PASSWORD> zimbraIsDelegatedAdminAccount TRUE zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents downloadsView zimbraAdminConsoleUIComponents DLListView zimbraAdminConsoleUIComponents aliasListView zimbraAdminConsoleUIComponents resourceListView zimbraAdminConsoleUIComponents saveSearch


6). Here we will assign the grants from the file prepared in Step 4:-

zmprov < /tmp/grants.txt 


7). Now check the grants of the newly created delegated admin; the output of the command below must be similar to the output of Step 2:-

zmprov gg -g usr newadmin@DOMAIN.COM 




Extra Notes


Some additional tips for admins who love to play with sed and awk:-

Here we are exporting the grants, redirecting them to a file, and preparing them for the new delegated admin.
NOTE: These steps are only for Domain and Global level grants. If grants at other levels are assigned to the delegated admin, then use "awk" carefully to extract the correct columns.

zmprov gg -g usr myadmin@DOMAIN.COM | grep ^global | awk '{print $1,$3,$5,$6}'  >> /tmp/grants.txt
zmprov gg -g usr myadmin@DOMAIN.COM | grep ^domain | awk '{print $1,$3,$4,$6,$7}'  >> /tmp/grants.txt 

Check the content of the file "/tmp/grants.txt"; the output will look like the following (the old admin name is still present at this point):-

cat /tmp/grants.txt 
global usr myadmin@DOMAIN.COM adminLoginCalendarResourceAs
global usr myadmin@DOMAIN.COM domainAdminZimletRights
domain DOMAIN.COM usr myadmin@DOMAIN.COM domainAdminConsoleRights 

Add "grr" at the beginning of each line:-

sed -i 's/^/grr /' /tmp/grants.txt 

Now the file will show its content in the following format:-

cat /tmp/grants.txt 
grr global usr myadmin@DOMAIN.COM adminLoginCalendarResourceAs
grr global usr myadmin@DOMAIN.COM domainAdminZimletRights
grr domain DOMAIN.COM usr myadmin@DOMAIN.COM domainAdminConsoleRights 

Replace the old delegated admin's email ID with the new delegated admin's:-

sed -i 's/myadmin@DOMAIN.COM/newadmin@DOMAIN.COM/' /tmp/grants.txt 

Now we will assign the grants to the new delegated admin with the prepared file /tmp/grants.txt:-

zmprov < /tmp/grants.txt 
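
The export, rewrite and verification steps above, as an added example that is not part of the original article: it parses the `zmprov gg -g usr` table, refuses rows that are not global or domain grants for the expected admin, writes the grr lines to a private temp file instead of a fixed /tmp path, and compares two grant tables for Step 7. The function names are hypothetical, and the sample table is copied from the Step 2 output.

```shell
#!/bin/sh
# Added example. Sample table copied from the Step 2 output on this page.
sample_gg() { cat <<'EOF'
    target type  target id                            target name        grantee type grantee id                           grantee name       right
    ------------ ------------------------------------ ------------------ ------------ ------------------------------------ ------------------ --------------------
    global                                            globalacltarget    usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM adminLoginCalendarResourceAs
    global                                            globalacltarget    usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminZimletRights
    domain       1ccb92be-56cc-4962-b964-b07af84dc118 DOMAIN.COM         usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminConsoleRights
EOF
}

# gg_to_grr OLD NEW: read a `zmprov gg -g usr OLD` table on stdin and print
# one grr line per grant for NEW. A row that is not a global or domain grant
# for OLD is reported on stderr and makes the function return 1.
gg_to_grr() {
    awk -v old="$1" -v new="$2" '
        NF == 0 || $1 == "target" || $1 ~ /^-+$/ { next }   # blank, header, rule
        {
            if ($1 == "global" && NF == 6)      { tgt = "global";     gt = $3; gn = $5; r = $6 }
            else if ($1 == "domain" && NF == 7) { tgt = "domain " $3; gt = $4; gn = $6; r = $7 }
            else { print "unsupported row: " $0 > "/dev/stderr"; bad = 1; next }
            if (gn != old) { print "unexpected grantee: " gn > "/dev/stderr"; bad = 1; next }
            print "grr", tgt, gt, new, r
        }
        END { exit bad + 0 }'
}

# write_grants OLD NEW: same input, but write to a fresh file from mktemp
# (mode 0600, unpredictable name) and print its path; no file is left on error.
write_grants() {
    f=$(mktemp) || return 1
    if gg_to_grr "$1" "$2" > "$f"; then echo "$f"; else rm -f "$f"; return 1; fi
}

# grant_set: reduce a gg table to sorted "target-type target-name right"
# lines, dropping the grantee columns, so two admins can be compared.
grant_set() {
    awk '$1 == "global" && NF == 6 { print $1, $2, $6 }
         $1 == "domain" && NF == 7 { print $1, $3, $7 }' | LC_ALL=C sort
}

# same_grants OLD_TABLE_FILE NEW_TABLE_FILE: succeed only if both sets match.
same_grants() { [ "$(grant_set < "$1")" = "$(grant_set < "$2")" ]; }

# Demo on the sample table: prints the three grr lines for the new admin.
sample_gg | gg_to_grr myadmin@DOMAIN.COM newadmin@DOMAIN.COM
```

On a live server the table would come from `zmprov gg -g usr myadmin@DOMAIN.COM` piped into `write_grants`, and the printed file would be reviewed before being passed to `zmprov <`.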


Submitted by: Heera Singh Koranga
