I've just begun experimenting with the Zimbra ACLs. I have an admin person that I want to allow to use the "adminLoginAs" feature, but just on a few specific accounts.
I've created an Administrator group and added his account as a member. Then on the Configure Grants tab for this group I've given these rights.
It works fine this way, but giving the "adminConsoleAccountRights" at the domain is giving more rights than I want to allow. The adminLoginAs doesn't work if I take that away....they cannot search the domain for the account in the Admin Console. If I give "listAccount" or "getAccount", they can find the account...they can click on the "View Mail" button and it looks like it's going to open the mailbox in a new tab....but it eventually times out.
Just trying to figure out the magic combination to allow the adminLoginAs and nothing else.