Disable Admin View Mail

[dkarp]

What was the bug ID? I'll try to track that down for you...

[pfefferc]

Here is the link: http://bugzilla.zimbra.com/show_bug.cgi?id=7425

[dkarp]

That bug says that when admins are logged into the mail system as themselves they should have normal user rights. This was causing people no end of confusion, because one user would share a calendar with the admin read-only and the admin would be able to modify it from their regular mail client.

You want something completely different. Is there a bug filed for what you want?

[pfefferc]

My case number is: 00008212 "Is it possible to disable the admin from being able to view the users email?"

[Greg]

Quote:

Originally Posted by pfefferc

My case number is: 00008212 "Is it possible to disable the admin from being able to view the users email?"

It is possible to write an admin extension that will disable the feature in the UI, however they will still be able to do it if they hack into the SOAP.

[pfefferc]

How would I do that? Or is there away so that when they click view mail, to prompt for the user's password?

[Bingo]

Quote:

Originally Posted by Greg

It is possible to write an admin extension that will disable the feature in the UI, however they will still be able to do it if they hack into the SOAP.

That would be a nice workaround though.
I am in the same situation as pfefferc :
I use Zimbra Open Source only for my domain (with a quite limited number of users, about 30).
I would like to delegate the creation of user accounts to one of my colleagues, but I don't want him to be able to view users emails.

Why can the global administrator view users emails anyway ? I don't want to view them !
Having the ability to reset a user's password is enough, IMHO.

For now, I just voted for this bug (quite hard to find, but it's here : http://bugzilla.zimbra.com/show_bug.cgi?id=11374), but I really think this is a power that administrators shouldn't have.

[chh]

Quote:

Originally Posted by Greg

It is possible to write an admin extension that will disable the feature in the UI, however they will still be able to do it if they hack into the SOAP.

I think you should include something like this as a regular feature. so that you have to decide if you want this activated or not when installing.
The point is that in Germany (and I guess in other countries as well) this feature will make it impossible to use Zimbra in some companies.
There are laws that prohibit anyone to be able to read the mails of another person without consent or very strict rulings as long as it is not forbidden to use the mailbox for private mails as well (and still even if this is the case).

Christian

[Greg]

Quote:

Originally Posted by chh

The point is that in Germany (and I guess in other countries as well) this feature will make it impossible to use Zimbra in some companies.
There are laws that prohibit anyone to be able to read the mails of another person without consent or very strict rulings as long as it is not forbidden to use the mailbox for private mails as well (and still even if this is the case).

Having a drill is not illegal, but using it to drill a whole in the safe box is. It seems like the problem in this case is not the availability of this feature in the UI but the ability of an admin to read users' email. If the laws prohibit it then clicking the "View Mail" button without the user's consent is illegal. As it is illegal to access this user's mailbox in any other way. However, there is a catch If you are the admin and you have root access to the box, you can read any email you want unless it is encrypted with a public key and the adresse of the email is the only one who has the private key. Also, if there is an ability to change password - the admin can 1 - change password, 2 - log in into the mailbox, 3 - read the email. And so on... there are numerous ways to break this law for someone with root access to the domain no matter which email server is being used. The bottom line is that the admin has an ability to access users' email whether this feature is there or not. So, I agree that this feature might be provocative for an admin who you do not trust, but I do not see how this UI feature interferes with the law.

[chh]

Greg,
you are right, the feature has nothing to do with the law. And you are right in saying that an admin can, nearly, do everything he wants.
IT is just making this thing very easy and obvious. And I know that some applications dealing with email make it impossible to do this (except going back to basic OS mechanisms) for a single person to read the mails of others.
Perhaps I am a bit over concious on this point as we had some workshops for customers dealing with these things.