Results 1 to 4 of 4

Thread: Prevent admins from accessing user e-mails

Hybrid View

  1. #1
    Join Date
    Sep 2008
    Location
    Latvia
    Posts
    165
    Rep Power
    7

    Default Prevent admins from accessing user e-mails

    Have not found any discussion on this matter, as, probably, for onsite inhouse (or within local admin control) ZCS installations this might be not necessary. But anyway...

    We are planning to evolve our server administration and customer support services for our customers (as a small ISP) and I was bothering about our customers' data security. For sure, we are planning several layers of access, including administration of ZCS servers and customer accounts. But for now, I have not found any reasonable solution to prevent ZCS server administrators to access our customers' data in mailboxes.

    What might be considered as a good practice to limit or control such access? Our potential customers often ask this question. For now, I do not have any specific answer, rather relying on trust, long term business targets, etc. Can anybody share their thoughts or solutions for that?

    The one, that comes in my mind, is artificially limit such admin's access via controlling log files and providing decent support system - e.g. no admin access to user accounts should happen, if no relevant support ticket is issued or in progress. But still this might be a fight after bad things happen. As well, how to limit permissions or accessibility for senior/junior admins, as senior might be the most trusted ones (again trust).

    Another - letting somebody to administer ZCS from CLI only, by not letting access to admin interface, but this might be a partial solution, and has to be controlled outside Zimbra stack.

    What are good practices at your place, guys, dealing with multi-domain customers?

  2. #2
    Join Date
    Jan 2010
    Posts
    161
    Rep Power
    5

    Default

    For our helpdesk - we created an admin group that does not have access to view users's mail. They can do almost everything else - but they cannot view.

    You need to create a distro - then configure grants and views. Then you need to make a user an 'admin' and assign that distro as their role. I think specifically you need to take away adminLoginAs.

    (-adminLoginAs)

  3. #3
    Join Date
    Sep 2008
    Location
    Latvia
    Posts
    165
    Rep Power
    7

    Default

    i2ambler. Thank you for your point, but I am missing info on distro (assuming you are mentioning Distribution list). Or these features are available on ZCS NE?

  4. #4
    Join Date
    Sep 2008
    Location
    Latvia
    Posts
    165
    Rep Power
    7

    Default

    i2ambler, actually thank you for keyword - adminLoginAs. As far as I managed to find out, these settings are really available only for NE, as I could not manage to find any settings in admin UI. And internet forums/blogs have notice, that this does not work on OSS edition, although could not find workarround or at least confirmation for ZCS v7.1+. And Zimbra forums after changing of my search keywords became full of results. Have to take time to investigate.

    Any other thoughts or ideas from guys working on OS edition?

    Thanx again!

Similar Threads

  1. Replies: 21
    Last Post: 02-04-2010, 09:06 AM
  2. DNS Questions and Trouble Installing
    By smurraysb in forum Installation
    Replies: 22
    Last Post: 03-14-2008, 03:27 PM
  3. Post instsallation problems
    By Assaf in forum Installation
    Replies: 14
    Last Post: 01-29-2007, 10:38 AM
  4. Services stopped working
    By lilwong in forum Administrators
    Replies: 4
    Last Post: 08-15-2006, 09:19 AM
  5. Fedora Core 3, Clean Install - Not working!
    By pcjackson in forum Installation
    Replies: 17
    Last Post: 03-05-2006, 06:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •