#1
09-12-2011, 05:04 AM
PhD (Senior Member, Posts: 62)
DL Admin rights...Cannot list admin users

Howdy,
I've set up some distribution lists, and alongside them, I've also created a secondary DL called listname-admin@domain.com as an "admin" group (can't receive mail, hidden from GAL), which contains users who can log in to the admin console and modify the list membership of listname@domain.com.

I've got the following grants configured for the admin group:

Under DL tab
Grantee: listname-admin@domain.com
Targets: Distribution Lists - listname@domain.com
Granted Rights: addDistributionListMember, getDistributionListMembership, listDistributionList, removeDistributionListMember, viewDistributionListAdminUI
Readable Attributes: All the attributes
Modifiable Attributes: All the attributes

Under the Accounts Tab
Grantee: listname-admin@domain.com
Targets: All Accounts
Granted Rights: listAccount
Readable Attributes: All the attributes

Along with the Distribution List View admin view.

The problem I think I can see is:
While the users can add/remove members as required... in the "find member" section, if the user they are trying to find is a global admin, no results are returned for them.

They can, however, manually add the address in the box underneath, but this can lead to typos and such.

I have also tested it with the default zimbradladmin group that is defined, and the same results are shown: a DL admin cannot "find" users who are a global admin.

Obviously as a global admin, I can search for and find other users who are admins to add to lists.

What Grant/Right would I be missing here? I thought "listAccounts" under global would have been able to catch *everyone* - including admins?

So, steps to reproduce are:

Create/Modify a regular user - set them to be a global admin.
Add another regular user, to the zimbradladmin group, and add them as an "administrator" in their account preferences

Log into the admin console as the dladmin user, try and add the global admin user to the list - by trying to "find" them on the right hand side of the memberlist pane.

It was pretty much copied from the following page... http://www.zimbra.com/docs/ne/latest...ss_Rights.html (which BTW has a typo in the doco, for the "domain" listAccount - the target is the DL domain - not DL email address)

Cheers

Last edited by PhD; 09-12-2011 at 05:26 AM..
#2
09-12-2011, 06:37 AM
PhD (Senior Member, Posts: 62)

Furthermore...

If I create a user and add them to the zimbradomainadmins auth group, they too cannot view "global" administrator accounts.

Trying to search/find a user who is a global admin results in this error:

Error: permission denied
Message: permission denied: delegated admin is not allowed to access a global admin's account
Error code: service.PERM_DENIED
Method: [unknown]
Details:soap:Sender

I suspect the Distribution List admins are hitting the same kind of error, but it is not throwing the exception up.