Unity Connection/Unity multilevel access

Unanswered Question
Feb 28th, 2007

Can anyone tell me if Unity Connection or Unity (although I've never heard of it) is capable of doing multilevel access?

rob.huffman Wed, 02/28/2007 - 06:29

Hi Joe,

Both Unity and Unity Connection have the ability to set up a type of MLA. Have a look:

For Unity 4.0.5 and later

Class of Service System Access Settings

Class of service system access settings specify which tasks, if any, subscribers, including other system administrators, can do in the Cisco Unity Administrator. You can customize access to Cisco Unity in several ways. For example, you can deny access to the Cisco Unity Administrator, or deny access to specific pages in the Cisco Unity Administrator, such as COS, subscriber, or distribution list pages.

When you deny access to specific pages in the Cisco Unity Administrator, the links for these pages are disabled for the subscriber. Alternatively, you can specify read, edit, add, or delete privileges for these pages, or can allow subscribers access to subscriber pages only for the purpose of unlocking subscriber accounts or changing subscriber passwords.

Before modifying system access settings for a COS, consider the best practices outlined in the Cisco Unity Security Guide. Refer to the "Best Practices for Modifying and Assigning Classes of Service" section in the "Accounts and Permissions" chapter. The guide is available at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/unity40/usg/ex/index.htm.

From this good Unity doc;


For Unity Connection

Understanding User Accounts

Users without voice mailboxes typically require only administrative access to Connection. These users can have any of six predefined administrator roles assigned to them. Roles specify which tasks administrators can do in Cisco Unity Connection Administration. Connection comes with the following predefined administrator roles:

Audio Text Administrator: Administers call handlers, directory handlers, and interview handlers.

Greeting Administrator: Manages call handler recorded greetings over the phone by allowing access to the Cisco Unity Greetings Administrator. Note that users with this administrator role assigned to them must also be users with voice mailboxes, because they must be able to access Connection by phone.

Help Desk Administrator: Resets user passwords and unlocks user accounts; can view user settings pages.

Technician: Has access to all functions that enable management of the voice messaging system server and phone system integration settings; can run all reports and use diagnostic tools; and can view all system and user settings pages.

User Administrator: Administers user accounts; has access to all user administration functions, can run user-related reports, and can use user administration tools.

System Administrator: This is the top-level administrator role; has access to all administration functions, including all user and system settings, all reports, and all administration and diagnostic tools. The default administrator account that the installer specified during initial setup of Cisco Unity Connection is set to this role.

Administrator roles can be assigned to users with voice mailboxes, but as a best practice we recommend that Connection administrators not use the same user account to log on to Connection Administration that they use to log on to the Cisco Personal Communications Assistant to manage their own Connection messages.

To see the specific privileges for each administrator role, go to System Settings > Roles and click the name of each role.

From this Unity Connection doc;


Hope this helps!


mdury Thu, 01/17/2008 - 07:47


I have set up a COS called Tier 1 in my Unity 5.0 Lab. The COS should have the rights to basically EDIT any subscriber.

I notice that if I give a Tier 1 subscriber "subscriber edit" access, then the subscriber has the ability to change their own COS to a higher administrator COS. This is a problem for us.

The other option is to stroke it to "read" and stroke the "can unlock subscriber accounts and change passwords", which is too restrictive.

Any ideas here?


mdury Thu, 01/17/2008 - 07:53

Rob, please disregard. I must have been confused; it is working as expected.

