22.214.171.124.1. Combining Access Rights¶
Access rights can combined to set a typical set of “read”, “write” and “full control”, potentially making it easier for client implementors to present their users with an interface to administer the ACLs to their mailboxes easily.
RFC 4314 defines combinations of rights that should resulted in
READ-WRITE response to a
command, depending on whether the user has flag modification rights
such as the t for maintaining
\Deleted flags on messages, and the
w right for maintaining non-
system flags on messages.
The set of rights often referred to as “read-only”. The ACI subject is
allowed to lookup the folder, read its contents and maintain
flags on messages. Meanwhile, the
\Recent flags are maintained for
the ACI subject as well.
The set of rights that could arguably be referred to “semi-full”.
The ACI subject is allowed to lookup the folder, read its contents and
maintain flags on messages, as well as insert new messages in to the
folder, and flag messages as
\Deleted, but not expunge the folder’s
Allowing ACI subjects to flag messages as
\Deleted but not
delegating the right to
EXPUNGE the folder’s contents enables
messages to quickly be restored by ACI subjects themselves, if the
client used can be configured to show or hide messages flagged
Please note that the configuration value of
/vendor/cmu/cyrus-imapd/sharedseen on the folder has no bearing on
\Deleted flag, but only on the
\Seen flag. To be more
precise, all flags other than
\Seen are global.
126.96.36.199.1.3. ACL “Macros”¶
Cyrus administration supports short-hand macros you may use:
Remove any existing ACL for this ACI
188.8.131.52.1.3.2. read (lrs)¶
Grant the ACI read-only access to the mailbox (lookup, read and seen).
184.108.40.206.1.3.3. post (lrsp)¶
Give the ACI read access to the mailbox, and allow them to post to the mailbox using the delivery system (lookup, read, seen and post).
Most delivery systems do not provide authentication, so the
pright usually has meaning only for the “anonymous” user.
220.127.116.11.1.3.4. append (lrsip)¶
The ACI can read and append to the mailbox, either through IMAP, or through the delivery system.
18.104.22.168.1.3.5. write (lrswipkxtecd)¶
The ACI may do pretty much anything with a mailbox, and folders within it.
22.214.171.124.1.3.6. delete (lrxte)¶
The ACI may list, read, delete and expunge messages and delete folders.
126.96.36.199.1.3.7. all (lrswipkxtecda)¶
Same as write, plus admin rights.
188.8.131.52.1.4. Features and Combined Access Rights¶
For most features, ACI subjects need certain access rights on a folder in order to perform or control the feature.