zimbra remove delegated admin

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
abckdc
Posts: 15
Joined: Mon Sep 07, 2020 3:04 am

zimbra remove delegated admin

Post by abckdc »

Hello All,

Is it possible to delete all the rights assigned to the delegated admin. I have tried
zmprov ma abc@example.com zimbraIsDelegatedAdminAccount FALSE

But when I do so, the email abc@example.com is no longer a admin but his rights are still set. When I do
zmprov gg -t domain example.com

All the previously set rights are still there. And whenever I again run
zmprov ma abc@example.com zimbraIsDelegatedAdminAccount TURE

all the previously set rights comes into action. What I want I complete removal of those previously set admin rights. This is causing me a problem, previously I have created a delegated admin without option set.account.zimbraPasswordMustChange and the admin was unable to tick the box for user must change password while next login (it was blurred out). Now I am need of that option so I did
zmprov grantRight domain example.com usr abc@example.com +set.account.zimbraPasswordMustChange

Also, I verified with command
zmprov gg -t domain example.com

domain 829e7480-d236-4903-a032-dc19c67828f2 example.com usr 186d66ef-d8d7-4b10-ba38-f0fa21e32cff abc@example.com +set.account.zimbraPasswordMustChange

But the option is still blurred out. Is this a bug?

I will be very grateful for any suggestion.
Thank You.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: zimbra remove delegated admin

Post by phoenix »

abckdc wrote:Hello All,

Is it possible to delete all the rights assigned to the delegated admin.
What is the point of having a Delegated Admin if they have no 'rights', that doesn't make sense to my feeble mind.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
abckdc
Posts: 15
Joined: Mon Sep 07, 2020 3:04 am

Re: zimbra remove delegated admin

Post by abckdc »

phoenix wrote:
abckdc wrote:Hello All,

Is it possible to delete all the rights assigned to the delegated admin.
What is the point of having a Delegated Admin if they have no 'rights', that doesn't make sense to my feeble mind.

I am sorry for the bad explanation. What I am facing is; once I have created a delegated admin with rights to list account and change the user password only with help from
https://imanudin.net/2019/04/30/zimbra- ... passwords/
But soon I realized that the delegated admin(abc@example.com) can change the password but the option MustChangePassword doesnot work for them. The option cannot be ticked. So, I added a right to the delegated admin +set.account.zimbraPasswordMustChange. But still the option is not available for the delegated admin(abc@example.com) to tick(MustChangePassword). Upon verification the right(set.account.zimbraPasswordMustChange) has been assigned to delegated admin(abc@example.com).

So, what I was trying to say is if there is any way that I can reset all the rights previously assigned to the delegated admin. So, that I could have a fresh start and assign all the rights from the beginning.
If I assign all the rights at the beginning (containing +set.account.zimbraPasswordMustChange) to a new user(xyz@example.com) it works. Here xyz@example.com has never been a delegated admim. The procedure of assigning new rights to already delegated admins seems to be not working (i.e. assigning new rights to existing delegated admins).

Hope I make sense.
And again Sorry for the bad explanation.

Thank You.
shruti.gupta
Zimbra Employee
Zimbra Employee
Posts: 23
Joined: Wed Apr 12, 2023 6:22 am

Re: zimbra remove delegated admin

Post by shruti.gupta »

Yes, it is possible to delete all the rights assigned to the delegated admin using UI on zimbra 10 version.
Go to admin console, mange-> click on any delegated admin account.
In general information -> account setup
1. only keep check box ticked for Administrator attribute
2. remove all other rights assigned like 'Assign default domain administrator views and rights'

After saving, it makes this delegated admin user only able to login to admin-console with no rights provided.
Post Reply