
Access Control
**************

Note: Cyrus IMAP documentation is a work in progress. The completion
  of this particular part of the documentation is pending the
  resolution of Task #51.

Cyrus IMAP features powerful access control compliant with **RFC
2086**, **RFC 4314**, **RFC 5257** and **RFC 5464**.

Combined, this provides powerful mechanisms to enable or restrict
access to information contained within the Cyrus IMAP mailspool.


Discretionary Access Control
============================

Cyrus IMAP employs discretionary access control, meaning that users
themselves are in charge of what folders are shared, and with whom.

Two means exist to suppress sharing folders between users:

1. Revoke the a (administration) right on all mailboxes in the
   personal namespace for each user.

2. Suppress the listing of the Other Users Namespace by enabling
   "disable_user_namespace" in imapd.conf(5).

      "disable_user_namespace:" 0

         Preclude list command on user namespace.  If set to 'yes',
         the LIST response will never include any other user's
         mailbox.  Admin users will always see all mailboxes.  The
         default is 'no'

See also:

  * Access Control Lists Rights Reference

  * Combining Access Rights

Back to Features
