ZCS Administrator's Guide Network Edition 6.0.8
Table of Contents Previous Next Index


Delegated Administration : Delegated Administration Terminology

Delegated Administration Terminology
The following are delegated administration terms and concepts you should understand.
Admin Group.
  An admin group is a distribution list that has been assigned an administrator role. Administrator accounts that are part of the admin group distribution list inherit the rights that are assigned to the admin group. Non-administrator accounts can coexist in the same group but these accounts do not inherit rights.
Admin Account.
An admin account is an individual user account that has been assigned an administrator role to administer specific targets.
Grantee.  
Grantee refers to the admin user who has been granted specific permissions (rights) to administer a target. This can be a individual user account (Admin Account) or a group defined as an Admin Group.
Rights.   
Rights are the functions that the delegated administrator can or cannot perform on a target. Both positive and negative rights can be set. Rights can be either a System Defined Right or Attribute Right.
Target.  
A target is a ZCS object on which rights can be granted. The following are the specific types of targets that can be specified: Account, Calendar Resource, Class of Service (COS), Distribution List (DL), Domain, Global Config, Global Grant, Server, and Zimlet.
Grant.   
A grant specifies the specific grantee who can or cannot view or modify the right on a target. A grant is stored in the LDAP attribute, zimbraACE, on the target entry.
Access Control Entry (ACE).  
A grant is represented by an ACE. An access control entry is the specific access granted on a target. An ACE is stored in an LDAP attribute on the target entry. The ACE includes the following information: Zimbra ID of the grantee, type of grantee - either user (usr) or group distribution list (grp), and the allowed or denied right. A grant is serialized in the form of an ACE stored in LDAP.
Access Control List (ACL).  
Access control list is a list of the access control entries (ACE) set on a specific target. Each target type includes a ACL tab which shows a list of ACEs set on the current target. An ACE defines what an grantee can do on the current target. In the administration console, the ACL tab on each target lists all the ACEs granted to that target.
Admin View.  
An admin view refers to the tabs and content on the administration console a delegated administrator sees when he logs in. The admin view is configured when an administrator or administrator group is created. A directly assigned admin view is the view set on the admin account. An inherited admin view is the view set on the admin group the account belongs to.

Delegated Administration : Delegated Administration Terminology

Table of Contents Previous Next Index
ZCS Administrator's Guide Network Edition 6.0.8
Copyright © 2010 Zimbra Inc.