UmaT-Implementing-Delegated-Administration

Revision as of 07:49, 12 December 2011 by Tammanagoudaru (talk | contribs) (Created page with "== '''Work in Progress''' == The Delegated Administration feature lets you create different delegated administrator roles to manage your ZCS environment. Please refer the 'Dele...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Work in Progress

The Delegated Administration feature lets you create different delegated administrator roles to manage your ZCS environment. Please refer the 'Delegated Administration' section in Administrator guide to understand the basic terminologies.

http://www.zimbra.com/docs/ne/latest/administration_guide/wwhelp/wwhimpl/js/html/wwhelp.htm#href=ZCS_Admin_Guide_7_NE.Delegated_Administration.html


Below are the guidelines to manage the distribution list through CLI.


1. Create domain

   $ zmprov cd domain.com zimbraAuthMech zimbra

2. Create the delegated admin

   $ zmprov ca  delegatedadmin@example.com <passwd>  zimbraIsDelegatedAdminAccount TRUE

3. Admin views

Below are list of Admin view's available which can be assigned to delegated admin.

Account LIst View           :	accountListView
Distribution List View      :	DLListView
Alias LIst View             :	aliasListView 
Resource List View          : 	resourceListView
Class of Service LIst View  : 	COSListView
Domain List View            :	domainListView
Server List View            :	serverListView
Zimlet List View            : 	zimletListView
Admin Zimlet List View      :	adminZimletListView 
Global Settings View        : 	globalConfigView 
Global Server Status View   :	globalServerStatusView 
Help Search View            :	helpSearch 
Saved Searches View         : 	saveSearch 
Mail Queue View             : 	mailQueue 
Backups  View               : 	backupsView 
Certificates View           : 	certsView 
Software Updates            : 	softwareUpdatesView
Account Migration           :	bulkProvisionTasksView
Per Server Statistics View  : 	perServerStatisticsView 
Global ACL View             : 	globalPermissionView 
Right List View             :	rightListView


3.1 Assigning the admin view

  $ zmprov ma delegatedadmin@example.com zimbraAdminConsoleUIComponents accountListView  zimbraAdminConsoleUIComponents DLListView zimbraAdminConsoleUIComponents COSListView
  $ zmprov ga delegatedadmin@example.com  | grep -i view
  zimbraAdminConsoleUIComponents: accountListView
  zimbraAdminConsoleUIComponents: DLListView
  zimbraAdminConsoleUIComponents: COSListView


3.2 Revoking admin view

caution: If you want to revoke the COS list view, then you need to run the full command expect appending the revoking component 'COSListView'

  $ zmprov ma delegatedadmin@example.com zimbraAdminConsoleUIComponents accountListView  zimbraAdminConsoleUIComponents DLListView
  $ zmprov ga delegatedadmin@domain.com  | grep -i view
    zimbraAdminConsoleUIComponents: accountListView
    zimbraAdminConsoleUIComponents: DLListView


4. Assiging the rights :

4.1 Manage Domains

4.1.1 Granting the rights to manage domains.

Syntax:

grantRight(grr) {target-type} [{target-id|target-name}] {grantee-type} [{grantee-id|grantee-name} [secret]] {[-]right}

Example

$ zmprov grr domain example.com  usr delegatedadmin@domain.com  domainAdminRights


4.1.2 View grants

Syntax:

getGrants(gg) [-t {target-type} [{target-id|target-name}]] [-g {grantee-type} {grantee-id|grantee-name} [{0|1 (whether to include grants granted to groups the grantee belongs)}]]


Example

$ zmprov gg -t example.com
target type  target id                            target name                    grantee type grantee id                           grantee name                   right
------------ ------------------------------------ ------------------------------ ------------ ------------------------------------ ------------------------------ --------------------
domain       15274f2b-9f64-4bd0-88c9-ec94874d8151 example.com                   grp          f05e6210-1c19-42cb-9ab5-bccd7a045cb7 zimbradomainadmins@example.com +domainAdminConsoleRights
domain       15274f2b-9f64-4bd0-88c9-ec94874d8151 example.com                   usr          400eecbd-6da3-4cdb-8791-fd5f42faade6 deleagtedadmin@example.com       domainAdminConsoleRights
domain       15274f2b-9f64-4bd0-88c9-ec94874d8151 example.com                   usr          928c917e-ed9d-453c-84e0-a7d1da86cf14 deleagtedadmin@example.com       domainAdminRights
domain       15274f2b-9f64-4bd0-88c9-ec94874d8151 example.com                   usr          400eecbd-6da3-4cdb-8791-fd5f42faade6 deleagtedadmin@example.com       domainAdminRights
domain       15274f2b-9f64-4bd0-88c9-ec94874d8151 example.com                   usr          400eecbd-6da3-4cdb-8791-fd5f42faade6 deleagtedadmin@example.com       domainAdminConsoleAccountRights
domain       15274f2b-9f64-4bd0-88c9-ec94874d8151 example.com                   usr          400eecbd-6da3-4cdb-8791-fd5f42faade6 deleagtedadmin@example.com       domainAdminAccountRights
domain       15274f2b-9f64-4bd0-88c9-ec94874d8151 example.com                   usr          400eecbd-6da3-4cdb-8791-fd5f42faade6 deleagtedadmin@example.com       adminLoginAs


4.2 Managing Distribution list

4.2.1 Granting rights to delegated admin to manage DL

 $ zmprov grr dl newdl1@example.com usr domainadmin@example.com domainAdminDistributionListRights

4.2.2 Viewing rights assigned to DL


$ zmprov gg -t dl newdl1@example.com 0
 target type  target id                            target name                    grantee type grantee id                           grantee name                   right
 ------------ ------------------------------------ ------------------------------ ------------ ------------------------------------ ------------------------------ --------------------
dl           2efe18a9-35a7-4553-9347-a744bb35943a newdl1@example.com            usr        400eecbd-6da3-4cdb-8791-fd5f42faade6 delegatedadmin@example.com       domainAdminDistributionListRights


4.2.3 Delegated admin of example1.com can manage the DL of example2.com

$ zmprov grr dl list@example2.com usr delegatedadmin@example1.com domainAdminDistributionListRights
$ zmprov gg -t dl list@example2.com  
 target type  target id                            target name                    grantee type grantee id                           grantee name                   right
 ------------ ------------------------------------ ------------------------------ ------------ ------------------------------------ ------------------------------ --------------------
 dl           7163e8b2-a192-4898-a76a-36d288523a4a list@example2.com         usr          400eecbd-6da3-4cdb-8791-fd5f42faade6 delegateadmin@example1.com       domainAdminDistributionListRights
Jump to: navigation, search