Multi Level Administration (MLA) issue

efernandes67 · ‎08-18-2009

Hi,

I'm having a problem regarding to MLA callmanager 7.x

I created a role "role-MLA", a group "Group-MLA" and a user "userMLA".

The role only has 12 items with "Read+Update" permissions

I associated the only this role and "Standard CCM Admin Users" to this group.

I associated the group to the user .

NOTE: The user is not supposed to have "read only" permissions to all CCM items and neither get the administration of the gateways.

The problem is that when I login with "userMLA" and I go to any "end user", I can change his "Permissions Information" by clicking

"Add to User Group" and add almost every standard group. For example: if I add the "Standard CCM Gateway Administration",

the user gets "Standard CCMADMIN Read Only" and "Standard CCM Gateway Management" roles!!!

Is there a way to resolve this issue? How can I prevent a "restricted user" to add standard groups to another users?

Regards,

Elio

irisrios · ‎08-25-2009

Multilevel Administration Access provides 3 access levels, no access, read access and full access. The reason Full Access is set to User Management Functional Group (Add a New User/Global Directory pages) for Phone Administration User Group is that phone configuration actions can be performed from the User Configuration page (Device association etc).

dialogcco · ‎09-09-2009

Hi,

I'm having the same problem. The restricted user still can add to more powerful user groups by himself.

Did you find a method to fix this?

Thanks.