Occasionally, Human Resources or a successor needs access to a former employee's mailbox. A better set of permissions for this case is simply "lr", allowing list and read access while preventing changes.
To revoke permissions, issue a setacl command with empty quotes in place of the privilege flags: setacl user/jqpublic jsixpack "" . Mail clients that present an Other Users folder should remove that folder after this change, but the client might need a restart.
The privilege flags are:
* (l) Lookup (mailbox visible to # LIST/LSUB/UNSEEN)
* (r) Read (SELECT, CHECK, FETCH, PARTIAL, SEARCH, COPY source)
* (s) Seen (STORE \SEEN)
* (w) Write flags other than \SEEN and \DELETED
* (i) Insert (APPEND, COPY destination)*
* (p) Post (send mail to mailbox)
* (c) Create and Delete mailbox (CREATE new sub-mailboxes, RENAME or DELETE mailbox)
* (d) Delete (STORE \DELETED, EXPUNGE)
* (a) Administer (SETACL)
Privilege flags section
No comments:
Post a Comment