Role required to enable mailbox creation
-
Hi, I setup a system, created a local admin account with User Manager role in it (https://docs.cloudron.io/user-management/#user-manager), but he has no access to create mailboxes for the user - is there any way to enable that feature, without giving Admin permissions?
And just in case, as it's not quite clear in official documentation: e-mail mailboxes are backed up and will be restored in case of the disaster recovery, is that a correct assumption?
-
First for the backup, all mailboxes are part of the backup and thus can be restored. They are part of the platform backup or in Cloudron terms "box" backups.
For the role, there is currently no specific email role and the user manager role also does not apply here. So far we haven't seen much requests regarding those roles, so there is a lot to be improved I think. Also while reading your question, it may actually make a lot of sense to allow the usermanager role to also manage mail related things. Not sure yet, feedback welcome.
To answer your immediate question, the only way to do this is to grant admin rights for this user at the moment.
-
@nebulon thank you! It makes sense for me as well (usermanager role to manage user related things in overall).
That let separate things quite nicely and install Cloudron in more complex environments.
Hope you will make it sooner, rather than later - I'm looking forward to it!
-
@girish probably you can assist?
-
@potemkin_ai at the moment this is not on our immediate list for the next release. It needs further investigation what the side-effects are.
-
@nebulon said in Role required to enable mailbox creation:
it may actually make a lot of sense to allow the usermanager role to also manage mail related things. Not sure yet, feedback welcome.
Yes, I think User Managers should be able to create email accounts too, given that in many cases a new user will also need a mailbox.
-
@jdaviescoates said in Role required to enable mailbox creation:
@nebulon said in Role required to enable mailbox creation:
it may actually make a lot of sense to allow the usermanager role to also manage mail related things. Not sure yet, feedback welcome.
Yes, I think User Managers should be able to create email accounts too, given that in many cases a new user will also need a mailbox.
And I can only agree with that guys.
-
@nebulon is there any updates on this?
-
@potemkin_ai Can you tell your use case a bit more? Would this have to be at a domain level? Or server/cloudron level? Can a user add mailboxes for other users or just himself?
-
@girish sure - the idea is to separate system administrator from mail & users administrator.
In my particular case I'm taking care of the OS & system things and don't touch or care about user's account and mailboxes; my partner doesn't want to care about how things works, he cares about users accounts and mailboxes.
Hope that makes sense!
-
@potemkin_ai I see, so you don't want your partner to be an admin either i.e cannot configure/install apps ? And neither can they start/stop mail server or configure the mail server settings. Just add mailboxes/lists/aliases ?
(Just trying to think what this means code wise internally. A person who can just add mailboxes still has to be able to list domains, for example).
-
-
@msbt yeah, that would promote shared hosting style setups. Internally, Cloudron is designed for single tenant setups. For example, one has to be careful to not "leak" domains/users/apps/settings to other tenants. People will then want to brand each tenant landing page separately, have settings per tenant and so on. Not sure we want to go into that direction yet.
-
M murgero referenced this topic on
-
@girish what about just a normal organization level rights separation?
I mean - it's really two different set of roles:- 1st line support, dealing with mailboxes
- 2nd or 3rd, making sure the system and services are up and running.
I don't need hiding anything, I just want to ensure my users can manage they mailboxes and users for they own.
For now I have to temporary give admin permissions to the 1st line and that's kind of risky...
