I performed the following steps:
0.) Installed Liferay as user 'liferay' on RHEL. Let's assume everybody who knows the system password of user 'liferay' has the role 'Liferay System Administrator'
1.) Logged in to my just installed Liferay SO web application as a non privileged Liferay user. ( In that case the authentication happens by using my company's Active Directory)
2.) Then I created a new IMAP email account in the 'Mail' section of the 'My Home' site. (So the email account was in that case also my company email account). => The emails were syncronized between the IMAP server and Liferay's IMAP client
==> That happened behind the scene:
- In Liferay's data directory (which means in the subfolder mail) a new folder was created named by the IMAP email account mentioned above
- A lots of my emails where cached in that folder
==> The issue/'request for improvement' now is the following:
- A 'Liferay System Administrator' (see role description above) now would be able to read all my cached emails, but maybe a person with that particular role should not have the permission to read the emails of everybody who uses the Liferay email client. In fact the emails are stored in HTML and so they are human readable.
- Would it be possible to include some kind of encryption/decryption based on the users email password here?