I am running Unity Connection 1.2(1). Traditionally, I have blocked all client access to Unity Connection. I would like to start piloting some PCA and IMAP access to some clients, but I'm running into some potential security concerns.
Due to the PCA requiring HTTPS access to the server, the Unity Connection Administration login web page is now available to clients as well. If they slightly change the URL I provide to gain access to the PCA login page they can get the Administration login page. That's not the problem so much as the fact that a standard voicemail user is able to log into the Administration web page! Once they are logged in most items are not accessible to them and say 'Not Authorized' if they are clicked on, but the reports are fully accessible and a standard voicemail user can run any report on the server.
As some additional info, voicemail users do not have any 'Roles' assigned to them.
My question is: Is there a way to restrict access to the Administration page so that ALL items are inaccessible to standard voicemail users? I do not want my voicemail users to be able to run any reports at all. It would be better if they could not log into the Administration page in the first place and I see this as a serious design flaw in Unity Connection if it cannot be fixed easily.
Any help on this issue would be greatly appreciated.