Steps to export grants n views of a delegated admin and create a new delegated admin with same grants and views

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Export grants & views of a delegated admin and create a new delegated admin with same grants & views



Solution:

Here we have an existing delegated admin "myadmin@DOMAIN.COM" and we will create a new delegated admin '"newadmin@DOMAIN.COM" with same views and grants.

1). Check enabled views of existing delegated admin:-

zmprov -l ga myadmin@DOMAIN.COM | egrep -i 'zimbraAdminConsoleUIComponents|zimbraIsDelegatedAdminAccount:' 

Output:-

zimbraAdminConsoleUIComponents: accountListView
zimbraAdminConsoleUIComponents: downloadsView
zimbraAdminConsoleUIComponents: DLListView
zimbraAdminConsoleUIComponents: aliasListView
zimbraAdminConsoleUIComponents: resourceListView
zimbraAdminConsoleUIComponents: saveSearch
zimbraIsDelegatedAdminAccount: TRUE 


2). Check or export assigned rights of the delegated admin :-

zmprov gg -g usr myadmin@DOMAIN.COM 

Output:-

    target type  target id                            target name        grantee type grantee id                           grantee name       right
    ------------ ------------------------------------ ------------------ ------------ ------------------------------------ ------------------ --------------------
    global                                            globalacltarget    usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM adminLoginCalendarResourceAs
    global                                            globalacltarget    usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminZimletRights
    domain       1ccb92be-56cc-4962-b964-b07af84dc118 DOMAIN.COM         usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminConsoleRights


3). Now we have to fine tune above output for new admin.

global usr myadmin@DOMAIN.COM adminLoginCalendarResourceAs
global usr myadmin@DOMAIN.COM domainAdminZimletRights
domain DOMAIN.COM usr myadmin@DOMAIN.COM domainAdminConsoleRights 


4). Create a file "/tmp/grants.txt" with the exported grants and replace old admin name with new delegated admin.
Prepare exported grant file for new delegated admin (newadmin@DOMAIN.COM). File must have grants in following format:-

grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
grr global usr newadmin@DOMAIN.COM domainAdminZimletRights 
grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights 


5). Now we will create new delegated admin with same views as existing admin has: -

zmprov ca newadmin@DOMAIN.COM <PASSWORD> zimbraIsDelegatedAdminAccount TRUE zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents downloadsView zimbraAdminConsoleUIComponents DLListView zimbraAdminConsoleUIComponents aliasListView zimbraAdminConsoleUIComponents resourceListView zimbraAdminConsoleUIComponents saveSearch


6). Here we will assign grants from prepared file in Step4:-

zmprov < /tmp/grants.txt 


7). Now check grants of newly created delegated admin, output of below command must be similar as output of Step2:-

zmprov gg -g usr newadmin@DOMAIN.COM 




Extra Notes


Some additional tips for those admins who loves to play with sed and awk:-

Here we are exporting and redirecting grants to a file, and preparing grants for new delegated admin.
NOTE: These steps are only for Domain and Global level grants. If there are other level grants assigned to delegated admin then use "awk" carefully to extract correct column.

zmprov gg -g usr myadmin@DOMAIN.COM | grep ^global | awk '{print $1,$3,$5,$6}'  >> /tmp/grants.txt
zmprov gg -g usr myadmin@DOMAIN.COM | grep ^domain | awk '{print $1,$3,$4,$6,$7}'  >> /tmp/grants.txt 

Check content of file "/tmp/grants.txt" and the output will be look like following:-

cat /tmp/grants.txt 
global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
global usr newadmin@DOMAIN.COM domainAdminZimletRights
domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights 

Add "grr" at the beginning of each line:-

sed -i 's/^/grr /' /tmp/grants.txt 

Now file will show content in following format:-

cat /tmp/grants.txt 
grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
grr global usr newadmin@DOMAIN.COM domainAdminZimletRights
grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights 

Replace old delegated admin email-id with new delegated admin:-

sed -i 's/myadmin@DOMAIN.COM/newadmin@DOMAIN.COM/' /tmp/grants.txt 

Now we will assign grants to new delegated admin with prepared file /tmp/grants.txt

zmprov < /tmp/grants.txt 



Submitted by: Heera Singh Koranga

Jump to: navigation, search