[SOLVED] Which Right(s) to Grant in order to use "Mailbox Quota" statistics

[potlgd]

Hi, folks.

I am in the process of trying to setup limited Admin Groups. I've got most of what I need, but presently, when viewing the statistics for my servers using the limited Group, the "Mailbox Quota" tab is empty. I assume this is an ACL problem because the info works fine when using a Global Admin account.

I have the following Grants on the limited group:

global:

adminConsoleBackupRights
adminConsoleCOSRights
adminConsoleMailQueueRights
adminConsoleServerStatisticRights
adminConsoleServerStatusRights
domainAdminAccountRights
domainAdminZimletRights

domain:

adminConsoleAccountRights
adminConsoleAliasRights
adminConsoleDLRights
adminConsoleResourceRights
adminConsoleSavedSearchRights
domainAdminConsoleRights
getDomainQuotaUsage

server:

getMailboxStats

Any clues as to which Rights, or any other bits, I may be missing to make this work?

Update: I just found the error being generated by my attempts:

Code:

2010-12-07 15:21:58,398 INFO  [btpool0-9681://my.server:7071/service/admin/soap/GetQuotaUsageRequest] [name=me@my.domain;mid=10;ip=0.0.0.0;ua=ZimbraWebClient - FF3.0 (Linux);] soap - GetQuotaUsageRequest
2010-12-07 15:21:58,399 INFO  [btpool0-9681://my.server:7071/service/admin/soap/GetQuotaUsageRequest] [name=me@my.domain;mid=10;ip=0.0.0.0;ua=ZimbraWebClient - FF3.0 (Linux);] SoapEngine - handler exception
com.zimbra.common.service.ServiceException: permission denied: need right: PSEUDO_SYSTEM_ADMIN_ONLY for global globalacltarget
ExceptionId:btpool0-9681://my.server:7071/service/admin/soap/GetQuotaUsageRequest:1291753318399:ff4923d6a8c52770
Code:service.PERM_DENIED
        at com.zimbra.common.service.ServiceException.PERM_DENIED(ServiceException.java:278)
        at com.zimbra.cs.service.admin.AdminAccessControl$ACLAccessControl.checkRight(AdminAccessControl.java:549)
        at com.zimbra.cs.service.admin.AdminDocumentHandler.checkRight(AdminDocumentHandler.java:374)
        at com.zimbra.cs.service.admin.GetQuotaUsage.handle(GetQuotaUsage.java:94)
        at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:420)
        at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:274)
        at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:158)
        at com.zimbra.soap.SoapServlet.doWork(SoapServlet.java:291)
        at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:212)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:181)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
        at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
        at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(SetHeaderFilter.java:79)
        at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
        at org.mortbay.servlet.UserAgentFilter.doFilter(UserAgentFilter.java:81)
        at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter.java:132)
        at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
        at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
        at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
        at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
        at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
        at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
        at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
        at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
        at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
        at org.mortbay.jetty.handler.rewrite.RewriteHandler.handle(RewriteHandler.java:230)
        at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
        at org.mortbay.jetty.handler.DebugHandler.handle(DebugHandler.java:77)
        at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
        at org.mortbay.jetty.Server.handle(Server.java:326)
        at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:543)
        at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:939)
        at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755)
        at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
        at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:405)
        at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:413)
        at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)

Needing right "PSEUDO_SYSTEM_ADMIN_ONLY" seems discouraging. Is this going to become an RFE?

Thanks,
Chris Miller

[potlgd]

Pretty sure I've narrowed this down to a bug. Workaround, such as it is, can be found in Bugzilla: Bug 54280 - GetQuotaUsageRequest does not work for Delegated/Domain Admins

Chris