Delegated Authority Settings
From ZeXtras Suite Wiki
|Language:||English • español • português|
|This documentation is outdated.|
|Please refer to https://docs.zextras.com|
Delegated Authority Settings in Zimbra
"Delegated Authority" is a built-in feature of both Zimbra Open Source Edition and Zimbra Network Edition that allows an Administrator to grant "send as" and "send on behalf of" rights so that a user can send emails using another local address - including aliases' and Distribution Lists' - as the "from" address.
Targets and Grantees
For reasons of clarity, it's better to begin by defining the following terms before delving into the details of this feature:
- "Target" - the user/distribution list that the "grantee" will be able to send "as" or "on behalf of".
- "Grantee" - the user(s) who will be able to send emails "as" or "on behalf of" the target user. The grantee can both be an user or a whole domain.
The "Target" refers to an email address, while the "Grantee" defines a user identified by an email address.
As for all Zimbra rights, the "sendAs" and "sendOnBehalfOf" rights are set "passively" - meaning that the right is not a property of the "grantee" account, but of the "target" account itself.
Types of Delegated Authority rights
There are 2 Delegated Authority rights:
- sendAs: Allows the grantee to set the delegated address as the "from" address in its emails.
- sendOnBehalf: Allows the grantee to send emails "On Behalf Of" the delegated address.
The main difference between the two is that using the "sendAs" right will make the email effectively appear as being sent by the Delegated address, while using the "sendOnBehalf" will make both the grantee's address and the Delegated one appear in the email.
Example 1: "sendAs" The firstname.lastname@example.org user has granted "sendAs" rights to the "email@example.com" user. An email sent BY firstname.lastname@example.org AS email@example.com TO firstname.lastname@example.org will contain, among others, the following headers: From: "Target Address" <email@example.com> To: "Recipient Address" <firstname.lastname@example.org> No reference to "email@example.com" will be found in the headers (unless specifically set - e.g. as the reply-to address)
Example 2: "sendOnBehalfOf" The firstname.lastname@example.org user has granted "sendOnBehalf" rights to the "email@example.com" address. An email sent BY firstname.lastname@example.org ON BEHALF OF email@example.com TO firstname.lastname@example.org will contain, among others, the following headers: From: "Target Address" <email@example.com> Sender: "Grantee Address" <firstname.lastname@example.org> To: "Recipient Address" <email@example.com> The "firstname.lastname@example.org" address can be found in the "Sender" header. The vast majority of email clients will display both addresses to the user.
Delegated Authority and mail aliases
Grants are made per-account, meaning that all grantees will be able to send as/o.b.o. the main target address and/or any allowed alias alike.
This is a very important condition to keep in mind when setting up delegated rights.
A quick way around this is to create a single-member Distribution List instead of an alias, in order to grant the wished rights only for the distribution list's address. Aliases are also bound to account rules such as the "Out of Office" message while Distribution Lists are not, so make sure to choose the most suitable option!
Delegated Authority management with ZeXtras Suite
As part of the ZeXtras Free Tools, ZeXtras Suite adds a "Delegated Authority" pane to the "General Information" section of all users and distribution lists, allowing for a quicker and easier access to such feature.
This section presents a list of current grantees/rights along with the typical "Add/Edit/Delete/Help" action buttons.
- Add Delegate: add a new entry to the list. You can select the grantee and the related rights.
- Edit Permissions: edit the Delegated Authority settings for a grantee.
- Delete: Revoke all rights for a grantee.
This section allows to choose which aliases are available to grantees along with the user's/distribution list's main address.
All grantees will be able to send as/on behalf of all aliases included in the "Allowed" list.