
Originally Posted by
zimaster
- Is there a way to give an admin user the ability to just change/reset passwords and quotas without being able to add new accounts?
After you use ZxAdmin to delegate privs using the GUI, use zmprov on command line to grant the not createAccount privilege to the user!
Code:
zmprov grr domain domain.int usr zimbra1@domain.int -createAccount
You can view the grants like this
Code:
zmprov gg -t domain domain.int -g usr zimbra1@domain.int
target type target id target name grantee type grantee id grantee name right
------------ ------------------------------------ ------------------------------ ------------ ------------------------------------ ------------------------------ --------------------
domain 590ed111-89cb-4680-93a9-0be7aa9625fa domain.int usr f477c0a4-c7e2-4feb-a443-4bf60cbf0043 zimbra1@domain.int -domainAdminConsoleAccountsFeaturesTabRights
domain 590ed111-89cb-4680-93a9-0be7aa9625fa domain.int usr f477c0a4-c7e2-4feb-a443-4bf60cbf0043 zimbra1@domain.int viewAdminSavedSearch
domain 590ed111-89cb-4680-93a9-0be7aa9625fa domain.int usr f477c0a4-c7e2-4feb-a443-4bf60cbf0043 zimbra1@domain.int -createAccount
domain 590ed111-89cb-4680-93a9-0be7aa9625fa domain.int usr f477c0a4-c7e2-4feb-a443-4bf60cbf0043 zimbra1@domain.int setAdminSavedSearch
domain 590ed111-89cb-4680-93a9-0be7aa9625fa domain.int usr f477c0a4-c7e2-4feb-a443-4bf60cbf0043 zimbra1@domain.int -adminLoginAs
domain 590ed111-89cb-4680-93a9-0be7aa9625fa domain.int usr f477c0a4-c7e2-4feb-a443-4bf60cbf0043 zimbra1@domain.int domainAdminRights
You may need to wait a few minutes and/or logout-login, or flush the cache with "zmprov fc all" in order to see the results.
Bookmarks