diff --git a/docs/model-acl.md b/docs/model-acl.md new file mode 100644 index 000000000..376714c06 --- /dev/null +++ b/docs/model-acl.md @@ -0,0 +1,21 @@ +Editing a domain administrator or a mailbox user allows to set restrictions to that account. + +**Important**: For overlapping modules like sync jobs, which both domain administrators and mailbox users can be granted access to, the domain administrators permissions are inherited, when logging in as mailbox user. + +Some examples: + +1. + +- A domain administror has **not** access to sync jobs but can login as mailbox user +- When logging in as mailbox user, he does not gain access to sync jobs, even if the given mailbox user _has_ access when logging in directly + +2. + +- A domain administror **has** access to sync jobs and can login as mailbox user +- The mailbox user he tries to login as has **not** access to sync jobs +- The domain administrator, now logged in as mailbox user, inherits its permission to the mailbox user and can access sync jobs + +3. + +- A domain administrator logs in as mailbox user +- Every permission, that does **not** exist in a domain administrators ACL, is automatically granted (example: time-limited alias, TLS policy etc.) diff --git a/docs/firststeps-sender_rcv.md b/docs/model-sender_rcv.md similarity index 100% rename from docs/firststeps-sender_rcv.md rename to docs/model-sender_rcv.md diff --git a/mkdocs.yml b/mkdocs.yml index 60559feb5..1aa7349ae 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -16,7 +16,7 @@ markdown_extensions: - pymdownx.tilde - pymdownx.extra - footnotes -pages: +nav: - 'Information & Support': 'index.md' - 'Prerequisites': - 'Prepare Your System': 'prerequisite-system.md' @@ -33,7 +33,9 @@ pages: - 'Setup a relayhost': 'firststeps-relayhost.md' - 'Logging': 'firststeps-logging.md' - 'Local MTA on Docker host': 'firststeps-local_mta.md' - - 'Sender and receiver model': 'firststeps-sender_rcv.md' +- 'Models': + - 'Sender and receiver model': 'model-sender_rcv.md' + - 'ACL': 'model-acl.md' - 'Debugging & Troubleshooting': - 'Introduction': debug.md - 'Logs': 'debug-logs.md'