Using ACLs and Shared Folders
How Do Permissions Work in DBMA
- ACL / ACL List
- IMAP4 Access Control Lists (ACL's) (RFC 2086) provide the option to
share IMAP folders. If you do not have any shared folders, this is your
tool to create them. DBMA first checks your system to make certain that
the critical system accounts exist within Group 0.
- Popular IMAP Feature
- Remember that once you have created the infrastructure and assigned
some administrative rights (SETACL) to key trusted users, your Shared
Folder Forest under #Users is likely to grow fast. #Public folders can
be controlled exclusively by you, the Mail System Administrator, or you
can give Administrative Access Rights to #Public/folders to trusted
users or Group Admins.
- How To Start Sharing #Public Folders with DBMA
- Select "ACL" from the main screen. Type the name of the folder you wish
to create and press "Create Shared Folder." DBMA will do the rest. DBMA
will assign limited user access rights to "anyone". If "anyone or
__public__ does not exist on your system, DBMA will create them for you.
- The Global function screen for ACLs also has an Access Rights tool for
manually adding a folder to a users ACL or updating any user for any
shared folder. Be careful how you use this as it is a powerful and
highly flexible tool.
- Any User Account Window provides a means to manage specific user
access rights to shared folders. You can permit users to have higher
privileged access rights or even administration rights. To understand
these rights, hold your cursor over the text block at the bottom which
corresponds to the item for which you seek help. Or click help.
- Configuring the MUA (Mail User Agent)
- Once you have your shared folders set up and appropriate user rights
assigned (for anyone), you will want to get your email client
configured to subscribe to these folders. The internet is abound with
opinions on what is the best email MUA (Mail User Agent - Email Client).
If you are using Thunderbird or a fairly new Mozilla Mail, you are in
luck. These MUAs will "subscribe" to the shared folders in a flash. You
can drag and drop or copy to, move to or whatever you like in these
- With Microsoft's Outlook Express and Outlook you will need to do a
little coaxing. Select the account and click on "IMAP4 Folders". Don't
try to first subscribe to #Public after you "Reset List". Instead,
select just the sub folders of #Public and subscribe to them. Close the
"Folders" window. Reset the list of folders. Next open "IMAP4 Folders"
again and select #Public. Close. This two-step process of subscribing to
the subfolders first and then later subscribing to the root #Public
seems to work. You should be in business.
- Useage Example
- Here is a usage example of IMAP4 Shared Folders. Let's say you have
some pictures you want to show many people on your mail server. Create a
folder or use what you have and create a message containing with your
pictures and save it in your drafts folder with a subject line "Pictures
of me Winning The Lottery" or whatever. Next, select the email in your
drafts folder and copy it to your "Common Shared Folder". Now 'anyone'
has access. Hopefully your target audience is not using one of the ACL
Shared Folders 'unfriendly' MUAs. You perhaps can share the following
- How To Start Sharing #User Folders with DBMA
- If you select and add a set of Access Rights to "bob/shared", it will
be available across the system under #Users but no one will be able to
share it unless you assign Access Rights to additional users; or allow
bob SETACL (Admin) rights for that folder and he can do it all for you.
- You manage individual user rights from the User Account Window and
manage #Public and #User rights from the global Access Control List
Tools (select ACL on the Main Screen).
Assigning rights to #Users/folder can be done with the DBMA Access
Control List Tools after the #User/folder has been shared from the User
Account Window. The first step is to go to the User Account Window,
create the shared folder by assigning the owner full Access Rights. Next
you return to the DBMA ACL Tools and select the new shared #User/folder
you created and one after another add the users need ing acces rights on
- All ACL Permissions are set to either 1-On or 0-Off
- lookup_flag: mailbox is visible to LIST/LSUB commands
- read_flag: SELECT the mailbox, perform CHECK, FETCH, PARTIAL SEARCH,
COPY from mailbox
- seen_flag: keep seen/unseen information across session
- write_flag: STORE flags other than SEEN and DELETED
- insert_flag: perform APPEND, COPY into mailbox
- post_flag: send mail to submission address for mailbox
- create_flag: CREATE new sub-mailboxes in any implementation defined
- delete_flag: STORE DELETED flag perform EXPUNGE
- administer_flag: perform SETACL