How to Create Admin Delegation in Zimbra OSE

Posted by

In this article, I will show you how to create another admin in Zimbra OSE with restricted access. New admins will have features to create, delete, modify accounts, distribution lists, and aliases.

1. Create a user from Zimbra Admin or via CLI that will be admin. Or you can change the existing user become an admin

2. Create a script

vi /srv/delegate-admin.sh

Please fill with the following line

#!/bin/bash

# $1 for account
# $2 for domain
# run script ./delegate-admin.sh newadmin@imanudin.net imanudin.net

zmprov ma $1 zimbraIsDelegatedAdminAccount TRUE zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents downloadsView zimbraAdminConsoleUIComponents DLListView zimbraAdminConsoleUIComponents aliasListView zimbraAdminConsoleUIComponents resourceListView

zmprov grr global usr $1 adminLoginCalendarResourceAs
zmprov grr global usr $1 domainAdminZimletRights
zmprov grr domain $2 usr $1 domainAdminRights
zmprov grr domain $2 usr $1 domainAdminConsoleRights
zmprov grr domain $2 usr $1 adminConsoleAliasRights
zmprov grr domain $2 usr $1 modifyAccount
zmprov grr domain $2 usr $1 countAlias
zmprov grr domain $2 usr $1 -configureAdminUI
zmprov grr domain $2 usr $1 -get.account.zimbraAdminConsoleUIComponents
zmprov grr domain $2 usr $1 -get.dl.zimbraAdminConsoleUIComponents
zmprov grr domain $2 usr $1 -set.account.zimbraIsDelegatedAdminAccount
zmprov grr domain $2 usr $1 -set.dl.zimbraIsAdminGroup

Give execution access

chmod +x /srv/delegate-admin.sh

3. Change normal user to admin

su - zimbra
/srv/delegate-admin.sh newadmin@imanudin.net imanudin.net

Now you can login to Zimbra Admin with a new admin account. Below is a screenshot when login with a new admin

Good luck 🙂

Source: Zimbra Wiki

13 comments

  1. When trying to create an account, the following error occurs: “Message: permission denied: need right: assignCos for cos bla bla bla”
    OBs: zimbra 8.8.15 FOSS

    To avoid this error, the delegated user must be able to assign the COS
    then the following must be executed manually or tune in the script:
    $ zmprov grr cos [COS name] usr [delegated-user@domain] +assignCos

  2. hi there is it possible to create an admin account but that account cannot create emails or delete them?

    Thank you

  3. hy imandin.
    How to remove “delete account” option from Delegate admin access. admin only change password fromweb console zimbra

Leave a Reply to Khalifa Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.