Cisco Unity 4.2 Build 4.2(1) Web SA

Unanswered Question
May 12th, 2008
User Badges:

Does anyone know of a way to add a user to Unity so that they are able to open the web SA without granting them access to the server or the administrator group on the server? We have tried to associate the users subscriber account to the unity admin account, have tried the grantunityaccess cli... Everything we try will not work unless we add them to our Unity Admin group on the unity server which we'd rather not do... It would allow them to rdp to the box etc etc... Give me your ideas... All the cisco stuff I read says they either have to be added to the admin group or the domain admin group... there is a bit about an account that must at least have the right to log on locally so that administrators can log on to the cisco unity administrator (SA) from a computer other than the cisco unity server... but it's not clear how to do that. We could create a local account and try that but we'd rather use a regular domain account and just not give them admin rights... Any way to do that??

Thanks..

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Rob Huffman Mon, 05/12/2008 - 16:08
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hi Kerry,


You may have seen this, but I thought just in case :)


For Unity 4.0.5 and later


Class of Service System Access Settings


Class of service system access settings specify which tasks, if any, subscribers including other system administrators can do in the Cisco Unity Administrator. You can customize access to Cisco Unity in several ways. For example, you can deny access to the Cisco Unity Administrator, or deny access to specific pages in the Cisco Unity Administrator, such as COS, subscriber, or distribution list pages.


When you deny access to specific pages in the Cisco Unity Administrator, the links for these pages are disabled for the subscriber. Alternatively, you can specify read, edit, add, or delete privileges for these pages, or can allow subscribers access to subscriber pages only for the purpose of unlocking subscriber accounts or changing subscriber passwords.


Before modifying system access settings for a COS, consider the best practices outlined in the Cisco Unity Security Guide. Refer to the "Best Practices for Modifying and Assigning Classes of Service" section in the "Accounts and Permissions" chapter. The guide is available at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/unity40/usg/ex/index.htm.


From this good Unity doc;


http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_administration_guide_chapter09186a0080449c55.html#wp1053445




Hope this helps!

Rob

kerryjudy Tue, 05/13/2008 - 06:22
User Badges:

Thanks for the quick reply Rob... Yes, we have tried assigning users to the (default administrator) COS but the problem stems from users not being able to access the web page on the server where the unity adminitration (Web SA) actually runs from unless they are admins or have administrator privileges. Without admin privileges on the box users can't even launch the link to the web SA... Anyone have an idea to get this to work? Thanks...

ranpierce Tue, 05/13/2008 - 06:38
User Badges:
  • Silver, 250 points or more

When you used grantunityaccess what account did you associate it with?


try this


grantunityaccess -u domain\account -s installer


Untiyadmin is linked to the insaller account.


hope this works


rlp

Actions

This Discussion