Remove view mail option

[rajeshkodali]

Hi,

I am using Release 6.0.1_GA_1816.RHEL4_20090911162108 CentOS4 FOSS edition and I want no administrators have the option of view mail. Please help me how to remove this option. I feel the option of delegated administration being left out from FOSS edition is very sad.

[uxbod]

View e-mail action on zimbraAdmin

[rajeshkodali]

Hi,

I am looking at finding which right invokes view mail using zmprov rvr .. If i need to revoke an admin named admin1@domain.com the permission to view mail what should be the command

[uxbod]

Code:

su - zimbra
zmprov rvr account user@domain.com adminLoginAs

as per the thread I posted.

[rajeshkodali]

[zimbra@mymail ~]$ zmprov rvr account user@domain adminLoginAs
usage: revokeRight(rvr) {target-type} [{target-id|target-name}] {grantee-type} {grantee-id|grantee-name} {[-]right}

zmprov [args] [cmd] [cmd-args ...]

-h/--help display usage
-f/--file use file as input stream
-s/--server {host}[:{port}] server hostname and optional port
-l/--ldap provision via LDAP instead of SOAP
-L/--logpropertyfile log4j property file, valid only with -l
-a/--account {name} account name to auth as
-p/--password {pass} password for account
-P/--passfile {file} read password from file
-z/--zadmin use zimbra admin name/password from localconfig for admin/password
-y/--authtoken {authtoken} use auth token string(has to be in JSON format) from command line
-Y/--authtokenfile {authtoken file} use auth token string(has to be in JSON format) from command line
-v/--verbose verbose mode (dumps full exception stack trace)
-d/--debug debug mode (dumps SOAP messages)
-m/--master use LDAP master (only valid with -l)

zmprov is used for provisioning. Try:

zmprov help account help on account-related commands
zmprov help calendar help on calendar resource-related commands
zmprov help commands help on all commands
zmprov help config help on config-related commands
zmprov help cos help on COS-related commands
zmprov help domain help on domain-related commands
zmprov help freebusy help on free/busy-related commands
zmprov help list help on distribution list-related commands
zmprov help log help on logging commands
zmprov help misc help on misc commands
zmprov help mailbox help on mailbox-related commands
zmprov help notebook help on notebook-related commands
zmprov help right help on right-related commands
zmprov help search help on search-related commands
zmprov help server help on server-related commands
zmprov help share help on share related commands

[zimbra@mymail ~]$

[y@w]

Indeed, it doesn't work.

After looking at this for a few minutes, I'm pretty sure that what you want to do is add a negative right for adminLoginAs to forbid it, rather than passively not allow it.

I couldn't apply the deny directly to a global administrator:

Code:

ERROR: service.INVALID_REQUEST (invalid request: grantee must be a delegated admin account or admin group, it cannot be a global admin account.)

Denying access to global administrators seems to be a bit tricky. I was able to get a deny right in by creating a distro list with only a test account that was a global admin and setting the list as an admin group. Then I did:

Code:

zmprov grr dl testing@domain.com grp testing@domain.com -adminLoginAs

However, my test user still had the view mail button and could still login..

[rajeshkodali]

So .. Is there no other option to disable ViewMail option completely from Admin UI ?

[markhard]

any solution for this?

[madjik]

Just bumping the topic. Has a solution been found to completly disable the view mail (even for global admin) feature in version 6 ?

I tried to play with Admin_all.js but can't find a way to do it...

[markhard]

i found solution for version 5 by searching this forum, but there is no solution for version 6.

version 6 have completely different coding from version 5