• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Please beaware of a breaking change in the REST API on the next Plesk release (18.0.62).
    Starting from Plesk Obsidian 18.0.62, requests to REST API containing the Content-Type header with a media-type directive other than “application/json” will result in the HTTP “415 Unsupported Media Type” client error response code. Read more here

plesk 11.5: too much information on :8443 panel for simple users

S

Sven L.

Regular Pleskian
Hello,

my customers need webmail. as roundcube plugins are not integrated with plesk yet, mailbox users need to access the :8443 panel to manage their spam and auto-reply options

PROBLEMS:

1) This is extremely important. User role has everything DISABLED except "Configure spam filter":
why on earth can simple mailbox users see that "account" tab with waaaaaay too much information? i don't even want their boss to see this kind of information, yet it is available to EVERYBODY? what the hell?
why did parallels think a simple and low-level mailbox user would need to see domain resources or domain permissions? and why would ANYBODY need to see the subscription plan names? those names are private and for internal use of the system admin and owner (me)

2) a bit less important: i dont want simple mailbox users to be able to see or modify forwarding rules. how can this be hidden/disabled?
 
Last edited:
Hi Sven ,

I'm not sure what you are doing

If you log in to the panel with the email address as username and the attached password all you will see is the email settings and you will not be able to change anything else

To Allow people to log in with their email you have to enable the panel access on the email address properties

You should not create users for them

Steve
 
One more thing

If you go to users as subscription admin you can see the list of your users
All email only user should be listed as application user or application user x
Make sure that these groups have no rights
In default they would not have anything allowed unless you changed the groups
 
Here is how to reproduce:


1) create a new mailbox and add the option to let that user log into the :8443 panel

2) assign a user role. for my example i used the user role "application user"

3) if not done previously, add "Configure spam filter" to that user role, because we need users to be able to handle their black/white list. all other permissions in that user role are "denied"

4) log into the :8443 panel with that user and you'll see two tabs at the top of the screen: "mail" and "account"

5) read my first post again
 
Sven L. said:
3) if not done previously, add "Configure spam filter" to that user role, because we need users to be able to handle their black/white list. all other permissions in that user role are "denied"
Click to expand...

This is where your problem is coming from
you gave the user administrative rights, that made the account page visible

without this it looks like this:

http://prntscr.com/1r6guv

If you grant any panel services to the user, the "account" will become visible

so after this, i believe your problem is that you wish to give users rights to change their spam filter and maybe antivirus settings but would not want them to be able to see the "account" page

which sounds slightly differently from what you wrote i think

because you wrote:
and even turning this off doesnt make any difference for what concerns me
Click to expand...
and if you turn off spam filtering, it account option changes to "My Profile"
 
Turning "Configure spam filter" will remove the "account" option

any panel service, you grant access to will cause the account page to become visible, as those are administrative roles, and an administrator can see that

So I think what you would like to say is:

"Would it be possible to give spam filter / antivirus management to email accounts without granting them admin roles"
 
I removed "(and even turning this off doesnt make any difference for what concerns me)" from my initial post as you're right: this was not the case.


Anyways, the way I see it, a regular normal webmail user, needs to be able to manage his/her white/black list. And there need to be a way to do this without him seeing all that info shown in the "account tab"

I don't care about the details and I don't care about how to fix it. I want it fixed.

Any help to get this fixed or any information from parellels if this is going to be fixed is welcome.
 
You must log in or register to reply here.

Similar threads

O
Forwarded to devs Weak Postfix security configuration
Replies
6
Views
2K
Viktor Vogel
Viktor Vogel
Automata
  • Poll
Input FEATURE REQUEST: Add SSH2 extension to PHP default extensions to improve security.
Replies
2
Views
2K
Automata
Automata
I
Question Plesk Web Presence Builder - EOL cancelled?
Replies
1
Views
7K
Will-NYESDigital
Will-NYESDigital
danami
Input Warden Antispam & Virus Protection Extension for Plesk
6 7 8
Replies
150
Views
32K
danami
danami
E
How to migrate your services to a server managed by Plesk Panel
Replies
1
Views
2K
Kingsley
Kingsley
Back
Top