Unity Connection Voicemail users can log into Administration page

Unanswered Question
Jun 19th, 2009

I am running Unity Connection 1.2(1). Traditionally, I have blocked all client access to Unity Connection. I would like to start piloting some PCA and IMAP access to some clients, but I'm running into some potential security concerns.

Due to the PCA requiring HTTPS access to the server, the Unity Connection Administration login web page is now available to clients as well. If they slightly change the URL I provide to gain access to the PCA login page they can get the Administration login page. That's not the problem so much as the fact that a standard voicemail user is able to log into the Administration web page! Once they are logged in most items are not accessible to them and say 'Not Authorized' if they are clicked on, but the reports are fully accessible and a standard voicemail user can run any report on the server.

As some additional info, voicemail users do not have any 'Roles' assigned to them.

My question is: Is there a way to restrict access to the Administration page so that ALL items are inaccessible to standard voicemail users? I do not want my voicemail users to be able to run any reports at all. It would be better if they could not log into the Administration page in the first place and I see this as a serious design flaw in Unity Connection if it cannot be fixed easily.

Any help on this issue would be greatly appreciated.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
lfulgenzi Sat, 06/20/2009 - 06:58

Hi Brian,

You'd think so, but unfortunately not as far as I know. Don't feel too bad though, it's still an issue in Connection 7.x!

Although they can log in and traverse the tree, they shouldn't be able to see anything.

Tana Franko Sat, 06/20/2009 - 15:01

Just to add to the response a bit, the reports (and everything else under Cisco Unity Connection Serviceability) in version 2.1 and above are inaccessible -- it doesn't even allow such users to log in to the Serviceability interface.

bacland Mon, 06/22/2009 - 07:32

The problem, though, is that they CAN see some things. They are able to run any of the built-in reports.

Has that part been resolved in further releases of Unity Connection? Is the reports access just an issue in 1.2?

Tana Franko Tue, 07/07/2009 - 10:59

Right, in 2.1 and above the Reports are under Serviceability. Serviceability is not accessible even for viewing. So while users can still log into the System Administration interface and see the page links, there is no link to access Reports from there.

Hope that makes sense. :-)


This Discussion