Difference between revisions of "Steps to export grants n views of a delegated admin and create a new delegated admin with same grants and views"

 
Line 1: Line 1:
=== <h1>Export grants & views of a delegated admin and create a new delegated admin with same grants & views</h1> ===
+
{{BC|Certified}}
 +
__FORCETOC__
 +
<div class="col-md-12 ibox-content">
 +
=Export grants & views of a delegated admin and create a new delegated admin with same grants & views=  
 
<hr>
 
<hr>
<br>
+
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|{{ZCS 8.5}}|}}
 +
{{WIP}} 
 +
 
 +
====Problem====
 +
 
 +
Export grants & views of a delegated admin and create a new delegated admin with the same grants & views
 +
 
 +
====Solution====
  
<h2>Solution:</h2>
+
'''Note:''' '''This is only applicable for legacy admin module and does not apply for Zimbra NG module.'''
  
Here we have an existing delegated admin '''"myadmin@DOMAIN.COM"''' and we will create a new delegated admin ''''"newadmin@DOMAIN.COM"''' with same views and grants.<br>
+
Here we have an existing delegated admin '''"myadmin@DOMAIN.COM"''' and we will create a new delegated admin ''''"newadmin@DOMAIN.COM"''' with the same views and grants.
  
 
'''1)'''.  Check enabled views of existing delegated admin:-
 
'''1)'''.  Check enabled views of existing delegated admin:-
Line 31: Line 41:
  
  
'''3)'''.    Now we have to fine tune above output for new admin.  
+
'''3)'''.    Now we have to fine tune above output for a new admin.  
  
 
  global usr myadmin@DOMAIN.COM adminLoginCalendarResourceAs
 
  global usr myadmin@DOMAIN.COM adminLoginCalendarResourceAs
Line 39: Line 49:
  
 
'''4)'''.    Create a file "/tmp/grants.txt" with the exported grants and replace old admin name with new delegated admin.<br>  
 
'''4)'''.    Create a file "/tmp/grants.txt" with the exported grants and replace old admin name with new delegated admin.<br>  
Prepare exported grant file for new delegated admin (newadmin@DOMAIN.COM).  File must have grants in following format:-   
+
Prepare exported grant file for new delegated admin (newadmin@DOMAIN.COM).  The file must have grants in the following format:-   
  
 
  grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
 
  grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
Line 46: Line 56:
  
  
'''5)'''.    Now we will create new delegated admin with same views as existing admin has: -
+
'''5)'''.    Now we will create a new delegated admin with the same views as existing admin has: -
  
 
  zmprov ca newadmin@DOMAIN.COM <PASSWORD> zimbraIsDelegatedAdminAccount TRUE zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents downloadsView zimbraAdminConsoleUIComponents DLListView zimbraAdminConsoleUIComponents aliasListView zimbraAdminConsoleUIComponents resourceListView zimbraAdminConsoleUIComponents saveSearch
 
  zmprov ca newadmin@DOMAIN.COM <PASSWORD> zimbraIsDelegatedAdminAccount TRUE zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents downloadsView zimbraAdminConsoleUIComponents DLListView zimbraAdminConsoleUIComponents aliasListView zimbraAdminConsoleUIComponents resourceListView zimbraAdminConsoleUIComponents saveSearch
  
  
'''6)'''.    Here we will assign grants from prepared file in Step4:-  
+
'''6)'''.    Here we will assign grants from the prepared file in Step4:-  
  
 
  zmprov < /tmp/grants.txt  
 
  zmprov < /tmp/grants.txt  
  
  
'''7)'''.    Now check grants of newly created delegated admin, output of below command must be similar as output of Step2:-  
+
'''7)'''.    Now check grants of newly created delegated admin, the output of below command must be similar to the output of Step2:-  
  
 
  zmprov gg -g usr newadmin@DOMAIN.COM  
 
  zmprov gg -g usr newadmin@DOMAIN.COM  
Line 72: Line 82:
 
  zmprov gg -g usr myadmin@DOMAIN.COM | grep ^domain | awk '{print $1,$3,$4,$6,$7}'  >> /tmp/grants.txt  
 
  zmprov gg -g usr myadmin@DOMAIN.COM | grep ^domain | awk '{print $1,$3,$4,$6,$7}'  >> /tmp/grants.txt  
  
Check content of file "/tmp/grants.txt" and the output will be look like following:-
+
Check the content of the file "/tmp/grants.txt" and the output will look like the following:-
  
 
  cat /tmp/grants.txt  
 
  cat /tmp/grants.txt  
Line 95: Line 105:
  
  
 
+
{{Article Footer|ZCS 8.8, 8.7, 8.6, 8.5|2018-08-13}}
 
 
Submitted by:  Heera Singh Koranga
 

Latest revision as of 12:44, 13 August 2018

Export grants & views of a delegated admin and create a new delegated admin with same grants & views


   KB 23341        Last updated on 2018-08-13  




0.00
(0 votes)


Problem

Export grants & views of a delegated admin and create a new delegated admin with the same grants & views

Solution

Note: This is only applicable for legacy admin module and does not apply for Zimbra NG module.

Here we have an existing delegated admin "myadmin@DOMAIN.COM" and we will create a new delegated admin '"newadmin@DOMAIN.COM" with the same views and grants.

1). Check enabled views of existing delegated admin:-

zmprov -l ga myadmin@DOMAIN.COM | egrep -i 'zimbraAdminConsoleUIComponents|zimbraIsDelegatedAdminAccount:' 

Output:-

zimbraAdminConsoleUIComponents: accountListView
zimbraAdminConsoleUIComponents: downloadsView
zimbraAdminConsoleUIComponents: DLListView
zimbraAdminConsoleUIComponents: aliasListView
zimbraAdminConsoleUIComponents: resourceListView
zimbraAdminConsoleUIComponents: saveSearch
zimbraIsDelegatedAdminAccount: TRUE 


2). Check or export assigned rights of the delegated admin :-

zmprov gg -g usr myadmin@DOMAIN.COM 

Output:-

    target type  target id                            target name        grantee type grantee id                           grantee name       right
    ------------ ------------------------------------ ------------------ ------------ ------------------------------------ ------------------ --------------------
    global                                            globalacltarget    usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM adminLoginCalendarResourceAs
    global                                            globalacltarget    usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminZimletRights
    domain       1ccb92be-56cc-4962-b964-b07af84dc118 DOMAIN.COM         usr          87609353-a8fb-4ed5-b750-6b538cd52f35 myadmin@DOMAIN.COM domainAdminConsoleRights


3). Now we have to fine tune above output for a new admin.

global usr myadmin@DOMAIN.COM adminLoginCalendarResourceAs
global usr myadmin@DOMAIN.COM domainAdminZimletRights
domain DOMAIN.COM usr myadmin@DOMAIN.COM domainAdminConsoleRights 


4). Create a file "/tmp/grants.txt" with the exported grants and replace old admin name with new delegated admin.
Prepare exported grant file for new delegated admin (newadmin@DOMAIN.COM). The file must have grants in the following format:-

grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
grr global usr newadmin@DOMAIN.COM domainAdminZimletRights 
grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights 


5). Now we will create a new delegated admin with the same views as existing admin has: -

zmprov ca newadmin@DOMAIN.COM <PASSWORD> zimbraIsDelegatedAdminAccount TRUE zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents downloadsView zimbraAdminConsoleUIComponents DLListView zimbraAdminConsoleUIComponents aliasListView zimbraAdminConsoleUIComponents resourceListView zimbraAdminConsoleUIComponents saveSearch


6). Here we will assign grants from the prepared file in Step4:-

zmprov < /tmp/grants.txt 


7). Now check grants of newly created delegated admin, the output of below command must be similar to the output of Step2:-

zmprov gg -g usr newadmin@DOMAIN.COM 




Extra Notes:

Some additional tips for those admins who loves to play with sed and awk:-

Here we are exporting and redirecting grants to a file, and preparing grants for new delegated admin.
NOTE: These steps are only for Domain and Global level grants. If there are other level grants assigned to delegated admin then use "awk" carefully to extract correct column.

zmprov gg -g usr myadmin@DOMAIN.COM | grep ^global | awk '{print $1,$3,$5,$6}'  >> /tmp/grants.txt
zmprov gg -g usr myadmin@DOMAIN.COM | grep ^domain | awk '{print $1,$3,$4,$6,$7}'  >> /tmp/grants.txt 

Check the content of the file "/tmp/grants.txt" and the output will look like the following:-

cat /tmp/grants.txt 
global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
global usr newadmin@DOMAIN.COM domainAdminZimletRights
domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights 

Add "grr" at the beginning of each line:-

sed -i 's/^/grr /' /tmp/grants.txt 

Now file will show content in following format:-

cat /tmp/grants.txt 
grr global usr newadmin@DOMAIN.COM adminLoginCalendarResourceAs
grr global usr newadmin@DOMAIN.COM domainAdminZimletRights
grr domain DOMAIN.COM usr newadmin@DOMAIN.COM domainAdminConsoleRights 

Replace old delegated admin email-id with new delegated admin:-

sed -i 's/myadmin@DOMAIN.COM/newadmin@DOMAIN.COM/' /tmp/grants.txt 

Now we will assign grants to new delegated admin with prepared file /tmp/grants.txt

zmprov < /tmp/grants.txt 


Verified Against: ZCS 8.8, 8.7, 8.6, 8.5 Date Created: 2018-08-13
Article ID: https://wiki.zimbra.com/index.php?title=Steps_to_export_grants_n_views_of_a_delegated_admin_and_create_a_new_delegated_admin_with_same_grants_and_views Date Modified: 2018-08-13



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Jump to: navigation, search