Role required to enable mailbox creation

jdaviescoates

@nebulon said in Role required to enable mailbox creation:

it may actually make a lot of sense to allow the usermanager role to also manage mail related things. Not sure yet, feedback welcome.

Yes, I think User Managers should be able to create email accounts too, given that in many cases a new user will also need a mailbox.

micmc

@jdaviescoates said in Role required to enable mailbox creation:

@nebulon said in Role required to enable mailbox creation:

it may actually make a lot of sense to allow the usermanager role to also manage mail related things. Not sure yet, feedback welcome.

Yes, I think User Managers should be able to create email accounts too, given that in many cases a new user will also need a mailbox.

And I can only agree with that guys.

potemkin_ai

@nebulon is there any updates on this?

girish

@potemkin_ai Can you tell your use case a bit more? Would this have to be at a domain level? Or server/cloudron level? Can a user add mailboxes for other users or just himself?

potemkin_ai

@girish sure - the idea is to separate system administrator from mail & users administrator.

In my particular case I'm taking care of the OS & system things and don't touch or care about user's account and mailboxes; my partner doesn't want to care about how things works, he cares about users accounts and mailboxes.

Hope that makes sense!

girish

@potemkin_ai I see, so you don't want your partner to be an admin either i.e cannot configure/install apps ? And neither can they start/stop mail server or configure the mail server settings. Just add mailboxes/lists/aliases ?

(Just trying to think what this means code wise internally. A person who can just add mailboxes still has to be able to list domains, for example).

msbt

@girish what I would want is something like a domain-administrator, who can add users/email and apps (or maybe with the option not to install apps) for one or more domains, so they can't interfere with admins from other domains

girish

@msbt yeah, that would promote shared hosting style setups. Internally, Cloudron is designed for single tenant setups. For example, one has to be careful to not "leak" domains/users/apps/settings to other tenants. People will then want to brand each tenant landing page separately, have settings per tenant and so on. Not sure we want to go into that direction yet.

msbt

@girish hah true, I'll try again next year

potemkin_ai

@girish what about just a normal organization level rights separation?
I mean - it's really two different set of roles:

• 1st line support, dealing with mailboxes
• 2nd or 3rd, making sure the system and services are up and running.

I don't need hiding anything, I just want to ensure my users can manage they mailboxes and users for they own.

For now I have to temporary give admin permissions to the 1st line and that's kind of risky...