Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page Prevent admins from accessing user e-mails

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 01-12-2012, 08:53 AM
j2b j2b is offline
Special Member
  
Posts: 109
Default Prevent admins from accessing user e-mails
Have not found any discussion on this matter, as, probably, for onsite inhouse (or within local admin control) ZCS installations this might be not necessary. But anyway...

We are planning to evolve our server administration and customer support services for our customers (as a small ISP) and I was bothering about our customers' data security. For sure, we are planning several layers of access, including administration of ZCS servers and customer accounts. But for now, I have not found any reasonable solution to prevent ZCS server administrators to access our customers' data in mailboxes.

What might be considered as a good practice to limit or control such access? Our potential customers often ask this question. For now, I do not have any specific answer, rather relying on trust, long term business targets, etc. Can anybody share their thoughts or solutions for that?

The one, that comes in my mind, is artificially limit such admin's access via controlling log files and providing decent support system - e.g. no admin access to user accounts should happen, if no relevant support ticket is issued or in progress. But still this might be a fight after bad things happen. As well, how to limit permissions or accessibility for senior/junior admins, as senior might be the most trusted ones (again trust).

Another - letting somebody to administer ZCS from CLI only, by not letting access to admin interface, but this might be a partial solution, and has to be controlled outside Zimbra stack.

What are good practices at your place, guys, dealing with multi-domain customers?
Reply With Quote
  #2 (permalink)  
Old 01-12-2012, 12:00 PM
Special Member
  
Posts: 160
Default
For our helpdesk - we created an admin group that does not have access to view users's mail. They can do almost everything else - but they cannot view.

You need to create a distro - then configure grants and views. Then you need to make a user an 'admin' and assign that distro as their role. I think specifically you need to take away adminLoginAs.

(-adminLoginAs)
Reply With Quote
  #3 (permalink)  
Old 01-12-2012, 12:38 PM
j2b j2b is offline
Special Member
  
Posts: 109
Default
i2ambler. Thank you for your point, but I am missing info on distro (assuming you are mentioning Distribution list). Or these features are available on ZCS NE?
Reply With Quote
  #4 (permalink)  
Old 01-12-2012, 01:07 PM
j2b j2b is offline
Special Member
  
Posts: 109
Default
i2ambler, actually thank you for keyword - adminLoginAs. As far as I managed to find out, these settings are really available only for NE, as I could not manage to find any settings in admin UI. And internet forums/blogs have notice, that this does not work on OSS edition, although could not find workarround or at least confirmation for ZCS v7.1+. And Zimbra forums after changing of my search keywords became full of results. Have to take time to investigate.

Any other thoughts or ideas from guys working on OS edition?

Thanx again!
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.