Zimbra Domain Admin Delegation Open Source version 8.x and up
Posted On November 7, 2017
We were assigned a task of creating user account with access to only certain things. This can be done with this simple approach on Zimbra Open Source addition.
1. First create user admin_usr@domain.com for domain for which you want to grant delegation admin access.
2. We create admin_deleg.sh script in /opt/zimbra directory. The script should be owned by zimbra user.
#!/bin/bash zmprov ma $2 zimbraIsDelegatedAdminAccount TRUE zmprov ma $2 zimbraAdminConsoleUIComponents cartBlancheUI zimbraAdminConsoleUIComponents domainListView zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents DLListView zmprov ma $2 zimbraDomainAdminMaxMailQuota 0 zmprov grantRight domain $1 usr $2 +createAccount zmprov grantRight domain $1 usr $2 +createAlias zmprov grantRight domain $1 usr $2 +createCalendarResource zmprov grantRight domain $1 usr $2 +createDistributionList zmprov grantRight domain $1 usr $2 +deleteAlias zmprov grantRight domain $1 usr $2 +listDomain zmprov grantRight domain $1 usr $2 +domainAdminRights zmprov grantRight domain $1 usr $2 +configureQuota zmprov grantRight domain $1 usr $2 set.account.zimbraAccountStatus zmprov grantRight domain $1 usr $2 set.account.sn zmprov grantRight domain $1 usr $2 set.account.displayName zmprov grantRight domain $1 usr $2 set.account.zimbraPasswordMustChange zmprov grantRight domain $1 usr $2 getDomainQuotaUsage zmprov grantRight account $2 usr $2 +deleteAccount zmprov grantRight account $2 usr $2 +getAccountInfo zmprov grantRight account $2 usr $2 +getAccountMembership zmprov grantRight account $2 usr $2 +getMailboxInfo zmprov grantRight account $2 usr $2 +listAccount zmprov grantRight account $2 usr $2 +removeAccountAlias zmprov grantRight account $2 usr $2 +renameAccount zmprov grantRight account $2 usr $2 +setAccountPassword zmprov grantRight account $2 usr $2 +viewAccountAdminUI zmprov grantRight account $2 usr $2 +configureQuota
3. Assign correct ownership and make script executable
chmod +x admin_deleg.sh chown zimbra:zimbra admin_deleg.sh
4. We can now run this script with 2 variables $1 = domain(domain.com) and $2 = user(admin_usr@domain.com)
./admin_deleg.sh domain.com admin_usr@domain.com