
Thread: Domain account cannot change account's class of service?

  1. #1
    bhwong is offline Outstanding Member

    Domain account cannot change account's class of service?

    Domain Admin account should be able to change all accounts within its domain to other classes of service as long as there is availability. No? See attached error message. Does the main admin account have to do this administrative work for all domains then?

  2. #2
    mmorse is offline Moderator

    Quote Originally Posted by bhwong
    ZCS Version: 5.0.11 FOSS and 5.0.18 NE editions on Ubuntu
    This is not allowed in 5.x since you may want to assign a COS to a domain; an HSP may want to prevent changing COS/enabled features since that's how they charge. You can set quotas with an additional permission.

    This has been solved in 6.x via Bug 11515 - role based delegate administration

    Specifically Bug 29102 - expose COS and allow setting COS on account creation for domain admin
    - check the assignCos right when account.zimbraCOSId or domain.zimbraDomainDefaultCOSId is changed or provided to createAccount/Domain.

    - Included setAttr right for account.zimbraCOSId and domain.zimbraDefaultCOSId in the domainAdmin combo right used for migrating domain admins.

    - Fixed the upgrade to grant the assignCos right on COS's accessible to domain admins (by their zimbraDomainCOSMaxAccounts). FRANKLIN domain admins with zimbraDomainCOSMaxAccounts values are granted the listCos (see a COS in GetAllCos), getCos (see all COS attributes), and assignCos (can assign the COS to a zimbraCOSId/zimbraDomainDefaultCOSId) rights.

    There are 3 COS rights:
    - listCos: can see the COS in GetAllCos
    - getCos: can see all attributes of the COS
    - assignCos: can assign the COS to an account or a domain's default COS.
    The 3 together make a COS "accessible" by an admin.

    To make COS changes on account/domain, the admin also needs:
    - set attr right on account.zimbraCOSId
    - set attr right on domain.zimbraDomainDefaultCOSId

    E.g., to assign COS-1 to user1@domain.com, the admin needs listCos, getCos, assignCos rights on COS-1, and set attr right of the zimbraCOSId attr on user1@domain.com (can be granted on the domain and inherited of course)
    1. an admin logs in
    2. the GetAllCos SOAP returns only COS's on which the authed admin has effective listCos/getCos rights.
    3. the admin picks one from the returned COS list when he needs to assign COS to accounts or change the default COS for the domain.
    4. Now, if the admin does not also have the assignCos right for the COS he picked, the ModifyAccount SOAP call will be PERM_DENIED.
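
The rights check described in the post above, as an added Python model that is not part of the original thread and not Zimbra's code. The right names (listCos, getCos, assignCos) come from the thread; the classes, function names, the `SET_COS_ATTR` label and the sample accounts are assumptions made for illustration.

```python
# Added model of the ZCS 6.x COS checks from the post above. Right names come
# from the thread; classes, functions and sample data are hypothetical.
COS_RIGHTS = ("listCos", "getCos", "assignCos")
SET_COS_ATTR = "setAttr:account.zimbraCOSId"  # this model's label for the set attr right


class Grants:
    def __init__(self):
        self._grants = set()  # (admin, target_type, target_name, right)

    def grant(self, admin, target_type, target, right):
        self._grants.add((admin, target_type, target, right))

    def has(self, admin, target_type, target, right):
        return (admin, target_type, target, right) in self._grants


def get_all_cos(grants, admin, all_cos):
    """Step 2: return only COSes on which the admin has listCos and getCos."""
    return [c for c in all_cos
            if all(grants.has(admin, "cos", c, r) for r in ("listCos", "getCos"))]


def missing_rights(grants, admin, account, cos):
    """List what is still missing before the admin can assign cos to account."""
    missing = [r for r in COS_RIGHTS if not grants.has(admin, "cos", cos, r)]
    domain = account.split("@", 1)[1]
    # The set attr right may sit on the account or be inherited from its domain.
    if not (grants.has(admin, "account", account, SET_COS_ATTR)
            or grants.has(admin, "domain", domain, SET_COS_ATTR)):
        missing.append(SET_COS_ATTR)
    return missing


def modify_account_cos(grants, admin, account, cos):
    """Step 4: the call is denied unless every required right is present."""
    return "PERM_DENIED" if missing_rights(grants, admin, account, cos) else "OK"


def demo():
    g, admin = Grants(), "da@domain.com"  # constructed sample data
    for right in COS_RIGHTS:
        g.grant(admin, "cos", "COS-1", right)
    for right in ("listCos", "getCos"):  # COS-2 is visible but not assignable
        g.grant(admin, "cos", "COS-2", right)
    g.grant(admin, "domain", "domain.com", SET_COS_ATTR)
    visible = get_all_cos(g, admin, ["COS-1", "COS-2", "COS-3"])
    results = {c: modify_account_cos(g, admin, "user1@domain.com", c) for c in visible}
    return visible, results, missing_rights(g, admin, "user1@domain.com", "COS-3")
```

`missing_rights` is the useful part when auditing a delegated admin: it separates a COS that is hidden (no listCos/getCos) from one that is listed but still refused at assignment time.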

  3. #3
    bhwong is offline Outstanding Member

    Does it make any sense to provide an option that is not allowed? What does "Allow domain admin to modify the account mail quota" actually do then? And what about "Maximum quota (mb) domain admin can specify"?

    I notice that Domain administrators are not allowed to change COS despite having or being given available COS to switch to by the main administrator. Yet they are allowed to bypass the COS by entering the quota for each account themselves. This just doesn't make sense to me. Anyone care to explain the logic behind this?

    Since Administrator can create COS and set number of accounts limits, then it shouldn't matter if Domain administrators can swap COS according to user's need as long as these COS accounts are available, isn't it?

    The default is just too inflexible, not to mention that most email HSPs are charging by domain quota with unlimited email accounts, not by account quota with limited email accounts. How can we compare and compete?

  4. #4
    sugiggs is offline Loyal Member

    I already set everything you mentioned but still can't see the COS choices (when you create/modify account) from domain admin account.


    Quote Originally Posted by mmorse
    This is not allowed in 5.x since you may want to assign a COS to a domain; an HSP may want to prevent changing COS/enabled features since that's how they charge. You can set quotas with an additional permission.

    This has been solved in 6.x via Bug 11515 - role based delegate administration

    Specifically Bug 29102 - expose COS and allow setting COS on account creation for domain admin
