Results 1 to 5 of 5

Thread: [SOLVED] Which Right(s) to Grant in order to use "Mailbox Quota" statistics

  1. #1
    potlgd is offline Junior Member
    Join Date
    Dec 2010
    Posts
    5
    Rep Power
    4

    Question [SOLVED] Which Right(s) to Grant in order to use Mailbox Quota statistics

    Hi, folks.

    I am in the process of trying to setup limited Admin Groups. I've got most of what I need, but presently, when viewing the statistics for my servers using the limited Group, the "Mailbox Quota" tab is empty. I assume this is an ACL problem because the info works fine when using a Global Admin account.

    I have the following Grants on the limited group:

    global:
    adminConsoleBackupRights
    adminConsoleCOSRights
    adminConsoleMailQueueRights
    adminConsoleServerStatisticRights
    adminConsoleServerStatusRights
    domainAdminAccountRights
    domainAdminZimletRights

    domain:
    adminConsoleAccountRights
    adminConsoleAliasRights
    adminConsoleDLRights
    adminConsoleResourceRights
    adminConsoleSavedSearchRights
    domainAdminConsoleRights
    getDomainQuotaUsage

    server:
    getMailboxStats

    Any clues as to which Rights, or any other bits, I may be missing to make this work?

    Update: I just found the error being generated by my attempts:

    Code:
    2010-12-07 15:21:58,398 INFO  [btpool0-9681://my.server:7071/service/admin/soap/GetQuotaUsageRequest] [name=me@my.domain;mid=10;ip=0.0.0.0;ua=ZimbraWebClient - FF3.0 (Linux);] soap - GetQuotaUsageRequest
    2010-12-07 15:21:58,399 INFO  [btpool0-9681://my.server:7071/service/admin/soap/GetQuotaUsageRequest] [name=me@my.domain;mid=10;ip=0.0.0.0;ua=ZimbraWebClient - FF3.0 (Linux);] SoapEngine - handler exception
    com.zimbra.common.service.ServiceException: permission denied: need right: PSEUDO_SYSTEM_ADMIN_ONLY for global globalacltarget
    ExceptionId:btpool0-9681://my.server:7071/service/admin/soap/GetQuotaUsageRequest:1291753318399:ff4923d6a8c52770
    Code:service.PERM_DENIED
            at com.zimbra.common.service.ServiceException.PERM_DENIED(ServiceException.java:278)
            at com.zimbra.cs.service.admin.AdminAccessControl$ACLAccessControl.checkRight(AdminAccessControl.java:549)
            at com.zimbra.cs.service.admin.AdminDocumentHandler.checkRight(AdminDocumentHandler.java:374)
            at com.zimbra.cs.service.admin.GetQuotaUsage.handle(GetQuotaUsage.java:94)
            at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:420)
            at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:274)
            at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:158)
            at com.zimbra.soap.SoapServlet.doWork(SoapServlet.java:291)
            at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:212)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
            at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:181)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
            at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
            at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
            at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(SetHeaderFilter.java:79)
            at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
            at org.mortbay.servlet.UserAgentFilter.doFilter(UserAgentFilter.java:81)
            at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter.java:132)
            at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
            at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
            at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
            at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
            at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
            at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
            at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
            at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
            at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
            at org.mortbay.jetty.handler.rewrite.RewriteHandler.handle(RewriteHandler.java:230)
            at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
            at org.mortbay.jetty.handler.DebugHandler.handle(DebugHandler.java:77)
            at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
            at org.mortbay.jetty.Server.handle(Server.java:326)
            at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:543)
            at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:939)
            at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755)
            at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
            at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:405)
            at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:413)
            at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)
    Needing right "PSEUDO_SYSTEM_ADMIN_ONLY" seems discouraging. Is this going to become an RFE?

    Thanks,
    Chris Miller
    Last edited by potlgd; 12-09-2010 at 01:39 PM. Reason: Marking solved borked the subject line.

  2. #2
    potlgd is offline Junior Member
    Join Date
    Dec 2010
    Posts
    5
    Rep Power
    4

    Default [Workaround Found]

    Pretty sure I've narrowed this down to a bug. Workaround, such as it is, can be found in Bugzilla: Bug 54280 - GetQuotaUsageRequest does not work for Delegated/Domain Admins

    Chris

  3. #3
    nwcon is offline Member
    Join Date
    Feb 2010
    Posts
    12
    Rep Power
    5

    Default

    This bug (bug 54280) is listed as FIXED, yet I cannot for the life of me find any documentation or recent information on how to properly grant access to a delegated admin to be able to view mailbox quota statistics in the zimbra admin panel i.e. Monitoring on the left -> Server Statistics -> select server -> Mailbox Quota tab. The mailbox quota tab is still empty, which leads me to believe this issue has yet to be fixed in our version of Zimbra (NE 7.2.4). The 'workaround' referenced in the bug report does not work.

    Sessions can be viewed, but Mailbox Quotas do not show up for delegated admins.

    Has anyone found a way to get this to work for delegated admins?

    We have a multi-server environment, so maybe that's the problem.

    Regards,

    nwcon

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,568
    Rep Power
    57

    Default

    Quote Originally Posted by nwcon View Post
    The mailbox quota tab is still empty, which leads me to believe this issue has yet to be fixed in our version of Zimbra (NE 7.2.4).
    You should take a look at (usually) the last comment in a bug report to find the version of ZCS in which a resolution has been verified as fixed and the Product Portal should tell you which version that was in.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    nwcon is offline Member
    Join Date
    Feb 2010
    Posts
    12
    Rep Power
    5

    Default

    Thanks, Bill. I wasn't sure what the information really meant in the Product Portal, but at least now I have a concrete answer. Too bad this fix wasn't backported, since 7.2.x will be with us (and likely a lot of folks) for some time.

    Regards,

    nwcon

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Tab Order
    By Ericx in forum Zimlets
    Replies: 3
    Last Post: 08-25-2010, 01:17 PM
  2. Tab Order Manager...
    By sirick in forum Developers
    Replies: 4
    Last Post: 12-15-2005, 09:26 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •