Steps to export grants n views of a delegated admin and create a new delegated admin with same grants and views: Difference between revisions
(Created page with "=== <h1>Steps_to_export_grants_n_views_of_a_delegated_admin_and_create_a_new_delegated_admin_with_same_grants_and_views</h1> === <hr> <br> <h2>Problem: </h2> <p>Export grants...") |
No edit summary |
||
| Line 1: | Line 1: | ||
=== <h1> | === <h1>Export grants & views of a delegated admin and create a new delegated admin with same grants & views</h1> === | ||
<hr> | <hr> | ||
<br> | <br> | ||
<h2>Solution:</h2> | <h2>Solution:</h2> | ||
| Line 11: | Line 8: | ||
'''1)'''. Check enabled views of existing delegated admin:- | '''1)'''. Check enabled views of existing delegated admin:- | ||
zmprov -l ga myadmin@DOMAIN.COM | egrep -i 'zimbraAdminConsoleUIComponents|zimbraIsDelegatedAdminAccount:' | |||
Output:- | |||
zimbraAdminConsoleUIComponents: accountListView | |||
zimbraAdminConsoleUIComponents: downloadsView | |||
zimbraAdminConsoleUIComponents: DLListView | |||
zimbraAdminConsoleUIComponents: aliasListView | |||
zimbraAdminConsoleUIComponents: resourceListView | |||
zimbraAdminConsoleUIComponents: saveSearch | |||
zimbraIsDelegatedAdminAccount: TRUE | |||
'''2)'''. Check or export assigned rights of the delegated admin :- | '''2)'''. Check or export assigned rights of the delegated admin :- | ||
zmprov gg -g usr myadmin@DOMAIN.COM | |||
Output:- | Output:- | ||
target type target id target name grantee type grantee id grantee name right | target type target id target name grantee type grantee id grantee name right | ||
| Line 30: | Line 29: | ||
global globalacltarget usr 87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminZimletRights | global globalacltarget usr 87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminZimletRights | ||
domain 1ccb92be-56cc-4962-b964-b07af84dc118 DOMAIN.COM usr 87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminConsoleRights | domain 1ccb92be-56cc-4962-b964-b07af84dc118 DOMAIN.COM usr 87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminConsoleRights | ||
'''3)'''. Now we have to fine tune above output for new admin. | '''3)'''. Now we have to fine tune above output for new admin. | ||
global usr myadmin@DOMAIN.COM adminLoginCalendarResourceAs | |||
global usr myadmin@DOMAIN.COM domainAdminZimletRights | global usr myadmin@DOMAIN.COM domainAdminZimletRights | ||
domain DOMAIN.COM usr myadmin@DOMAIN.COM domainAdminConsoleRights | domain DOMAIN.COM usr myadmin@DOMAIN.COM domainAdminConsoleRights | ||
'''4)'''. Create a file "/tmp/grants.txt" with the exported grants and replace old admin name with new delegated admin. | '''4)'''. Create a file "/tmp/grants.txt" with the exported grants and replace old admin name with new delegated admin.<br> | ||
Prepare exported grant file for new delegated admin (newadmin@DOMAIN.COM). File must have grants in following format:- | Prepare exported grant file for new delegated admin (newadmin@DOMAIN.COM). File must have grants in following format:- | ||
grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs | |||
grr global usr newadmin@DOMAIN.COM domainAdminZimletRights | grr global usr newadmin@DOMAIN.COM domainAdminZimletRights | ||
grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights | grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights | ||
'''5)'''. Now we will create new delegated admin with same views as existing admin has: - | '''5)'''. Now we will create new delegated admin with same views as existing admin has: - | ||
zmprov ca newadmin@DOMAIN.COM <PASSWORD> zimbraIsDelegatedAdminAccount TRUE zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents downloadsView zimbraAdminConsoleUIComponents DLListView zimbraAdminConsoleUIComponents aliasListView zimbraAdminConsoleUIComponents resourceListView zimbraAdminConsoleUIComponents saveSearch | |||
'''6)'''. Here we will assign grants from prepared file in Step4:- | '''6)'''. Here we will assign grants from prepared file in Step4:- | ||
zmprov < /tmp/grants.txt | |||
'''7)'''. Now check grants of newly created delegated admin, output of below command must be similar as output of Step2:- | '''7)'''. Now check grants of newly created delegated admin, output of below command must be similar as output of Step2:- | ||
zmprov gg -g usr newadmin@DOMAIN.COM | |||
Some additional tips for those admins who loves to play with sed and awk:- | <br> | ||
<br> | |||
Here we are exporting and redirecting grants to a file, and preparing grants for new delegated admin. | <br> | ||
=== Extra Notes === | |||
<br> | |||
Some additional tips for those admins who loves to play with sed and awk:-<br> | |||
Here we are exporting and redirecting grants to a file, and preparing grants for new delegated admin.<br> | |||
'''NOTE''': These steps are only for Domain and Global level grants. If there are other level grants assigned to delegated admin then use "awk" carefully to extract correct column. | |||
zmprov gg -g usr myadmin@DOMAIN.COM | grep ^global | awk '{print $1,$3,$5,$6}' >> /tmp/grants.txt | |||
zmprov gg -g usr myadmin@DOMAIN.COM | grep ^domain | awk '{print $1,$3,$4,$6,$7}' >> /tmp/grants.txt | |||
Check content of file "/tmp/grants.txt" and the output will be look like following:- | Check content of file "/tmp/grants.txt" and the output will be look like following:- | ||
cat /tmp/grants.txt | |||
global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs | global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs | ||
global usr newadmin@DOMAIN.COM domainAdminZimletRights | global usr newadmin@DOMAIN.COM domainAdminZimletRights | ||
domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights | domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights | ||
Add "grr" at the beginning of each line:- | Add "grr" at the beginning of each line:- | ||
sed -i 's/^/grr /' /tmp/grants.txt | |||
Now file will show content in following format:- | Now file will show content in following format:- | ||
cat /tmp/grants.txt | |||
grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs | grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs | ||
grr global usr newadmin@DOMAIN.COM domainAdminZimletRights | grr global usr newadmin@DOMAIN.COM domainAdminZimletRights | ||
grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights | grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights | ||
Replace old delegated admin email-id with new delegated admin:- | |||
sed -i 's/myadmin@DOMAIN.COM/newadmin@DOMAIN.COM/' /tmp/grants.txt | |||
Now we will assign grants to new delegated admin with prepared file ''/tmp/grants.txt'' | |||
zmprov < /tmp/grants.txt | |||
Submitted by: Heera Singh Koranga | |||
Heera Singh Koranga | |||
Revision as of 15:24, 20 August 2017
Export grants & views of a delegated admin and create a new delegated admin with same grants & views
Solution:
Here we have an existing delegated admin "myadmin@DOMAIN.COM" and we will create a new delegated admin '"newadmin@DOMAIN.COM" with same views and grants.
1). Check enabled views of existing delegated admin:-
zmprov -l ga myadmin@DOMAIN.COM | egrep -i 'zimbraAdminConsoleUIComponents|zimbraIsDelegatedAdminAccount:'
Output:-
zimbraAdminConsoleUIComponents: accountListView zimbraAdminConsoleUIComponents: downloadsView zimbraAdminConsoleUIComponents: DLListView zimbraAdminConsoleUIComponents: aliasListView zimbraAdminConsoleUIComponents: resourceListView zimbraAdminConsoleUIComponents: saveSearch zimbraIsDelegatedAdminAccount: TRUE
2). Check or export assigned rights of the delegated admin :-
zmprov gg -g usr myadmin@DOMAIN.COM
Output:-
target type target id target name grantee type grantee id grantee name right
------------ ------------------------------------ ------------------ ------------ ------------------------------------ ------------------ --------------------
global globalacltarget usr 87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM adminLoginCalendarResourceAs
global globalacltarget usr 87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminZimletRights
domain 1ccb92be-56cc-4962-b964-b07af84dc118 DOMAIN.COM usr 87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminConsoleRights
3). Now we have to fine tune above output for new admin.
global usr myadmin@DOMAIN.COM adminLoginCalendarResourceAs global usr myadmin@DOMAIN.COM domainAdminZimletRights domain DOMAIN.COM usr myadmin@DOMAIN.COM domainAdminConsoleRights
4). Create a file "/tmp/grants.txt" with the exported grants and replace old admin name with new delegated admin.
Prepare exported grant file for new delegated admin (newadmin@DOMAIN.COM). File must have grants in following format:-
grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs grr global usr newadmin@DOMAIN.COM domainAdminZimletRights grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights
5). Now we will create new delegated admin with same views as existing admin has: -
zmprov ca newadmin@DOMAIN.COM <PASSWORD> zimbraIsDelegatedAdminAccount TRUE zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents downloadsView zimbraAdminConsoleUIComponents DLListView zimbraAdminConsoleUIComponents aliasListView zimbraAdminConsoleUIComponents resourceListView zimbraAdminConsoleUIComponents saveSearch
6). Here we will assign grants from prepared file in Step4:-
zmprov < /tmp/grants.txt
7). Now check grants of newly created delegated admin, output of below command must be similar as output of Step2:-
zmprov gg -g usr newadmin@DOMAIN.COM
Extra Notes
Some additional tips for those admins who loves to play with sed and awk:-
Here we are exporting and redirecting grants to a file, and preparing grants for new delegated admin.
NOTE: These steps are only for Domain and Global level grants. If there are other level grants assigned to delegated admin then use "awk" carefully to extract correct column.
zmprov gg -g usr myadmin@DOMAIN.COM | grep ^global | awk '{print $1,$3,$5,$6}' >> /tmp/grants.txt
zmprov gg -g usr myadmin@DOMAIN.COM | grep ^domain | awk '{print $1,$3,$4,$6,$7}' >> /tmp/grants.txt
Check content of file "/tmp/grants.txt" and the output will be look like following:-
cat /tmp/grants.txt global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs global usr newadmin@DOMAIN.COM domainAdminZimletRights domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights
Add "grr" at the beginning of each line:-
sed -i 's/^/grr /' /tmp/grants.txt
Now file will show content in following format:-
cat /tmp/grants.txt grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs grr global usr newadmin@DOMAIN.COM domainAdminZimletRights grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights
Replace old delegated admin email-id with new delegated admin:-
sed -i 's/myadmin@DOMAIN.COM/newadmin@DOMAIN.COM/' /tmp/grants.txt
Now we will assign grants to new delegated admin with prepared file /tmp/grants.txt
zmprov < /tmp/grants.txt
Submitted by: Heera Singh Koranga
