Results 1 to 2 of 2

Thread: DL Admin rights...Cannot list admin users

  1. #1
    PhD
    PhD is offline Senior Member
    Join Date
    Jun 2011
    Posts
    64
    Rep Power
    3

    Default DL Admin rights...Cannot list admin users

    Howdy,
    Ive set up some distribution lists, and along side them, ive also created a secondary DL called listname-admin@domain.com as an "admin" group, cant recieve mail, hidden from gal, which contains users who can log in to the admin console and modify the list membership of listname@domain.com

    Ive got the following grants configured for the admin group

    Under DL tab
    Grantee: listname-admin@domain.com
    Targets: Distribution Lists - listname@domain.com
    Granted Rights: addDistributionListMember, getDistributionListMembership, listDistributionList, removeDistributionListMember, viewDistributionListAdminUI
    Readable Attributes: All the attributes
    Modifiable Attributes: All the attributes

    Under the Accounts Tab
    Grantee: listname-admin@domain.com
    Targets: All Accounts
    Granted Rights: listAccount
    Readable Attributes: All the attributes

    Along with the Distribution List View admin view.

    The problem i think i can see is:
    While the users can add/remove members as required... in the "find member" section, if the user they are trying to find is a global admin, no results are returned for them.

    They can, however, manually add the address in the box underneath, but this can lead to typo's and such.

    I have also tested it it with the default zimbradladmin group that is defined.. and the same results are shown, a DL admin cannot "find" users who are a global admin.

    Obviously as a global admin, i can search for and find other users who are admins to add to lists.

    What Grant/Right would i be missing here? i thought "listAccounts" under global, would have been able to catch *everyone* - including admins?

    So, steps to reproduce are:

    Create/Modify a regular user - set them to be a global admin.
    Add another regular user, to the zimbradladmin group, and add them as an "administrator" in their account preferences

    Log into the admin console as the dladmin user, try and add the global admin user to the list - by trying to "find" them on the right hand side of the memberlist pane.

    It was pretty much copied from the following page... http://www.zimbra.com/docs/ne/latest...ss_Rights.html (which BTW has a typo in the doco, for the "domain" listAccount - the target is the DL domain - not DL email address)

    Cheers
    Last edited by PhD; 09-12-2011 at 05:26 AM.

  2. #2
    PhD
    PhD is offline Senior Member
    Join Date
    Jun 2011
    Posts
    64
    Rep Power
    3

    Default

    Further more...

    If i create a user - and add them to the zimbradomainadmins auth group - they too, cannot view "global" administrator accounts.

    Trying to search/find a user who is a global admin - results in this error:

    Error: permission denied
    Message: permission denied: delegated admin is not allowed to access a global admin's account Error code: service.PERM_DENIED Method: [unknown] Details:soap:Sender

    I suspect the Distribution List admins are hitting the same kind of error - but is not throwing the exception up.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 2
    Last Post: 09-05-2011, 09:03 AM
  2. Replies: 2
    Last Post: 08-25-2011, 09:20 AM
  3. Domain administrator create distribution list rights
    By dave_kempe in forum Administrators
    Replies: 2
    Last Post: 06-23-2011, 01:50 PM
  4. Admin rights, easy way to delegate some functions?
    By number9 in forum Administrators
    Replies: 1
    Last Post: 03-31-2011, 06:33 AM
  5. Replies: 1
    Last Post: 03-20-2008, 02:48 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •