Help with MiaB user permissions

Hi All,

So far I have a new MiaB install up and running without issue and have been able to solve every issue and answer every question I’ve had so far with info I’ve found on the forum or docs except one.

I have spent several hours going over this forum but I am new to MiaB so if I have missed the answer to this somewhere else I apologize.

When I add a user I can add them as an admin or a normal user. I’d like to be able to add a user with permissions somewhere in between.

Specifically I’d like to add a user that can add/manage email address and forwarders, and maybe see system messages but nothing else. With this I could task a manager to help or give a client access to manage their email server in a limited way.

Is there a way to set or add additional user types that I have missed? If so please point me in the right direction.

If not can someone point me in the right direction to possibly add this functionality on my own? I’ve got some programming experience and don’t mind getting my hands dirty if that’s what I need to do.

Thanks for any help anyone can offer!

Right now there is no way to do that. What you can do though is write a script that can give them partial access to the admin API. I wrote a DNS Management portal for users to setup their own subdomain if they have an account in the management script.

However - Reading your post, MIAB offers NO WAY to manage the server in the way you want, a custom script will work with the API to do that you will just have to manage a LOT of stuff in order to liimit users from getting another clients data.

That being said you should not be using MIAB for this as it is unsupported to do the “inbetween” stuff right now (and possibly never).

I recommend using iRedMail, it has this feature you are looking for. (They have a community and paid version, only the [paid version has the feature)

If you want to look at the DNS script I was talking about:

Thanks for the info @murgero.

Based on my hunting around yesterday I figured the answer would be something like what you said.

I had looked at iRedMail, and a hand full of others, before I decided on MiaB. I chose MiaB vs iRedMail because Miab does nearly everything I need without any of the stuff I don’t want. iRedMail is a strong application but, based on the feature comparison between the OS and Pro versions, the OS version doesn’t offer nearly enough to what I needed and the Pro version, while looking very robust, has all kinds of stuff I don’t want or need but would have to manage if I installed it.

After looking at dozens of options for email server set ups, webmail applications, groupware application, etc I decided on Miab because for me and what I need/want Miab was/is the best offering out there by a large margin.

I will definitely look at your DNS management script and dig in to MaiB more and see what I can come up with. Writing something for MiaB directly would be a great excuse to work in Python.

Do you think the MiaB API is robust enough to do what I want? I’m asking 'cause I have been writing custom PHP based web applications and CMSs for years. If the API offers the functionality I need to add/remove email accounts and view system messages I could build a web portal with its own ACL to gain the functionality I want without modifying MiaB.

I did look at the advanced sections under Users and Aliases and it looks like I can add/remove/modify email addresses but I don’t see anything for getting system info through the API. Any thoughts?

Thanks again for your help and ideas, and for all your work on MiaB and in the forum. I really appreciate it!

System info can be gotten from a script in the ~/mailinabox/tools directory.

As for everything else:

  • There is API for creating, deleting, etc for Email addresses, domains, and Custom DNS records using the API (See each respective page in the admin panel, each page documents it’s own API if it has one. (THERE IS NO API FOR MANAGING EMAIL MESSAGES, QUOTAS, OR DRIVE SPACE. For that you will need to figure that out in the scripting language you use.)

  • Permissions you MUST handle on your own. Since all API calls MUST be done through an admin account for MIAB you must make sure ALL API calls are legitimate. You will have to limit users to their own stuff somehow. (I did this by just keeping track of what the user creates and only allowing them access to that. Your script will need a database of some kind. I highly recommend PHP for scripting and MySQL (or SQLite) for the DB (HOWEVER python will of course work as needed as well, I wont be able to help with python as I do not know python).

Good luck.