Hello All:
DBMA Version 2.1.0 (09-26-04) enables an Administrator to 'hard-code'
DBMA to restrict administrative access to a single DbMail "Group"
(client_idnr).
Why?
This is ideal for Help Desk or Level One Support situations where you
want personnel to perform mail-user management on a specific group
(client_idnr) of DbMail accounts without allowing full DbMail database view.
You can also use DBMA(RESTRICTGroupID-mode) on a end-to-end secure and
authenticated Web resource (authenticated SSL) with which your external
customers' Administrator or internal/remote departments' Administrator
could manage their own DbMail accounts. In the case where there are only
single known users of the resource you could easily use a self-issued
High Grade Encryption (AES-256 256-bit) server certificate if you don't
have nor want the cost of a 'store-bought' Server Cert (i.e. Thawte,
VeriSign, SSL, etc.). (http://www.ssl.com/ now offers an SSL128SCG2.5
single-domain Cert for under $100. USD).
Multiple instances of DBMA can be used to Administer multiple "DbMail
Groups/Clients" by designated personnel without any overlap and with
access only to a single group (client_idnr) of mail accounts uniquely
allowed to each designated "Group/Client" Administrator.
To implement this mode, DBMA is first configured like normal in the
configurations GUI. Then "root" opens the main script (DBMA.cgi) in a
text editor; a comment hash mark is removed; and the client_idnr number
for the group to which DBMA will be restricted is entered. (Detailed
instructions are in the top of the script and in README.) At this point
no further GUI access is available to the configurations window nor
global list/add/delete/search etc. functions. Administration rights
exist only for the single group you enable. More info is at
http://dbma.mobrien.com/DBMA-FAQ.htm.
Setting RESTRICTGroupID mode (see http://dbma.mobrien.com/DBMA-FAQ.htm
for full details)
- removes access to all Global Functions
- removes access to DBMA Configuration GUI
- limits administration access to a single group
- prevents duplicate user accounts across mail Groups
- returns a notice and denies access when the group
administrator's search returns a user outside his/her
assigned group
In the (default) standard configuration, DBMA continues to enable full
access to your entire DbMail system database for managing users, finding
mail, etc. and save some minor tweaks and security enhancements is
relatively unchanged.
DBMA V2.1.0 is available at http://library.mobrien.com/dbmailadministrator/
Please help yourself.
best...
Mike
