Zimbra Domain Admin Delegation Open Source version 8.x and up

We were assigned a task of creating user account with access to only certain things. This can be done with this simple approach on Zimbra Open Source addition.

1. First create user admin_usr@domain.com for domain for which you want to grant delegation admin access.
2. We create admin_deleg.sh script in /opt/zimbra directory. The script should be owned by zimbra user.

#!/bin/bash
zmprov ma $2 zimbraIsDelegatedAdminAccount TRUE
zmprov ma $2 zimbraAdminConsoleUIComponents cartBlancheUI zimbraAdminConsoleUIComponents domainListView zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents DLListView
zmprov ma $2 zimbraDomainAdminMaxMailQuota 0
zmprov grantRight domain $1 usr $2 +createAccount
zmprov grantRight domain $1 usr $2 +createAlias
zmprov grantRight domain $1 usr $2 +createCalendarResource
zmprov grantRight domain $1 usr $2 +createDistributionList
zmprov grantRight domain $1 usr $2 +deleteAlias
zmprov grantRight domain $1 usr $2 +listDomain
zmprov grantRight domain $1 usr $2 +domainAdminRights
zmprov grantRight domain $1 usr $2 +configureQuota
zmprov grantRight domain $1 usr $2 set.account.zimbraAccountStatus
zmprov grantRight domain $1 usr $2 set.account.sn
zmprov grantRight domain $1 usr $2 set.account.displayName
zmprov grantRight domain $1 usr $2 set.account.zimbraPasswordMustChange
zmprov grantRight domain $1 usr $2 getDomainQuotaUsage
zmprov grantRight account $2 usr $2 +deleteAccount
zmprov grantRight account $2 usr $2 +getAccountInfo
zmprov grantRight account $2 usr $2 +getAccountMembership
zmprov grantRight account $2 usr $2 +getMailboxInfo
zmprov grantRight account $2 usr $2 +listAccount
zmprov grantRight account $2 usr $2 +removeAccountAlias
zmprov grantRight account $2 usr $2 +renameAccount
zmprov grantRight account $2 usr $2 +setAccountPassword
zmprov grantRight account $2 usr $2 +viewAccountAdminUI
zmprov grantRight account $2 usr $2 +configureQuota

3. Assign correct ownership and make script executable

chmod +x admin_deleg.sh
chown zimbra:zimbra admin_deleg.sh 

4. We can now run this script with 2 variables $1 = domain(domain.com) and $2 = user(admin_usr@domain.com)

./admin_deleg.sh domain.com admin_usr@domain.com