ZCS Administrator's Guide Network Edition 6.0, Rev 1

Specific Access Rights

Frequently requested access rights are described below. The steps to set up up an administrator to manage multiple domains are described below.

Manage multiple domains

To have one domain administrator manage more than one domain, you assign the rights to manage individual domains to the administrator account or administrator group.

For example, to set up domanadministrator1@example.com to manage domainexample1 and domainexample2.com. Create a new administrator account on one of the domains to be managed.

1.	Click New>Administrator and create the administrator account on one of the domains to be managed (domainexample1.com)

2.	Select the following views that domain administrators need to manage a domain:

•	Account List View

•	Distribution List View

•	Alias List View

•	Resource List View

•	Domain List View

•	Saved Searches View

 

3.	Click Next to configure the grants for this domain. When the views are selected, the rights associated with these views automatically display on the Configure the Grants dialog.

Click Next. The informational box shows the grants were created.

Click OK in the Informational window.

The Configure Grants dialog displays again

4.	Now you add another domain to be managed (domainexample2.com).

•	On the Configure Grants page, click Add

•	Select the target type as domain

•	Enter the target’s domain name (domainexample2.com)

•	Right Type, select System Defined Right

•	Right Name type, adminConsoleAccountRights. Is Positive Right should be selected.

•	Click Add and More

•	The Add ACE page displays again and the Right Name field is empty. Type, adminConsoleDLRights and click Add and More

•	Continue to add the following right names:

•	adminConsoleAliasRights

•	adminConsoleResourceRights

•	adminConsoleSavedSearchRights

•	adminConsoleDomainRights

•	After the last right, click Add and Finish. The Configure the Grants dialog displays these rights associated with the target domain. If you are adding another domain to manage, click Add and More. Repeat Step 4. If not, click Finish.

View Mail Access Right.

•	Target types that can be granted this right are accounts, domains, and distribution list. Set the target type as global the View Mail option should always be disabled for all delegated administrators (except for the global administrator).

•	Target = specific account, domain, distribution list

•	Right Type = System Defined Right

•	Right Name = adminLoginAs

•	To deny this right on the target, check the box for Is Negative Right (Deny)

Run cross-mailbox searches

This role creates an delegated administrator role that can run the Search Mail tool to search mail archives or live mail for accounts on the server.

•	Target type = server

•	Target = Select the server where cross mailbox searches can be run

•	Right Type = System Defined Right

•	Right Name = adminConsoleCrossMailboxSearchRights, adminConsoleCrossMailboxSearchRights

For full functionality, this role includes the ability to create new accounts so that the admin can create the target mailbox to receive the search results. If you do not want this role to have the ability to create accounts, grant the following negative right as well.

•	Right Type = System Defined Right

•	Right Name = CreateAccount

•	To deny this right on the target, check the box for Is Negative Right

If you want this admin to also view the results of the cross mailbox search, grant the right to view the mailbox for that mailbox only.

•	Target type = account

•	Target = Cross mailbox search target account name

•	Right Type = System Defined Right

•	Right Name = adminLoginAs

Manage Zimlets

This role creates an delegated administrator role that can create, deploy and view Zimlets.

•	Target type = server, domain

•	Target = target name

•	Right Type = System Defined Right

•	Right Name = adminConsoleZimletRights, adminConsoleAccountsZimletsTabRights,

Manage Resources

This role creates an delegated administrator that can create and manage resources.

•	Target type = domain

•	Target = target name

•	Right Type = System Defined Right

•	Right Name = adminConsoleResourceRights

Access to the Saved Searches

This role creates an delegated administrator that can only access all the searches saved in the administration console Navigation pane, Search section.

•	Target type = domain

•	Target = target name

•	Right Type = System Defined Right

•	Right Name = adminConsoleSaveSearchRights

 

 

 

 

ZCS Administrator's Guide Network Edition 6.0, Rev 1