Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
302
Views
0
Helpful
1
Replies

Call Manager 3.3 Admin Rights

Go to solution
nickmac74
Level 1
Level 1

‎01-28-2009 08:22 AM - edited ‎03-15-2019 03:49 PM

Bit of an old version for you.....! call manager version 3.3 - where do you assign rights to user profiles? e.g. full rights, read rights, no rights?

user 1 = full rights to change everything

user 2 - to see what is in a profile

user 3 - has no rights at all?

Many thanks in advance

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Huffman
Hall of Fame
Hall of Fame

‎01-28-2009 09:12 AM

Hi Nick,

Multilevel Administration Access

Multilevel administration access provides multiple levels of security to Cisco CallManager Administration. This technique permits granting only the required privileges for a selected group of users and limits the configuration functions that users in a particular user group can perform.

Prior to the availability of multilevel administration access, administrators with read/write access to Cisco CallManager configuration could change any or all the database/directory elements that are accessible through Cisco CallManager Administration and Cisco CallManager Serviceability. Users could inadvertently disable the entire system with a few mouse clicks by accidentally modifying the data to which they do not need access.

Key Features

Multilevel administration access provides multiple levels of security to Cisco CallManager Administration. Cisco CallManager Administration functions comprise functional groups. Each functional group can have different access levels, such as no access, read-only access, and full access, to different user groups. Multilevel administration access also provides audit logs of user logins and access and modifications to Cisco CallManager configuration data.

Login Authentication

Prior to the availability of multilevel administration access, Cisco CallManager administrators logged in using a local NT administration account. With multilevel administration access, directory user names and passwords stored in Lightweight Directory Access Protocol (LDAP) provide the basis for login authentication. Multilevel administration access creates a predefined super user called the CCMAdministrator.

The windows registry stores the CCMAdministrator's user ID and encrypted password. Thus, even when the directory is unavailable, CCMAdministrator can log in to take corrective action. When the user attempts direct access by entering a URL in the browser, a login window displays first to authenticate a user.

--------------------------------------------------------------------------------

Note Applications other than Cisco CallManager Administration and Cisco CallManager Serviceability continue to use Windows basic authentication, which provides access to the local administrator. Multilevel administration access does not affect these applications, which include Trace Configuration and the Real-Time Monitoring Tool (RTMT).

--------------------------------------------------------------------------------

Functional Groups

A functional group includes a collection of Cisco CallManager system administration functions. All the web pages that compose each functional group belong to a common administrative menu. Two types of functional groups exist: standard functional groups, which are the default functional groups, and custom functional groups. Standard functional groups are created as part of multilevel administration access installation. Users may define custom functional groups.

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/3_3_5/mla124a/mla_a.html#wpxref43540

Hope this helps!

Rob

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Rob Huffman
Hall of Fame
Hall of Fame

‎01-28-2009 09:12 AM

Hi Nick,

Multilevel Administration Access

Multilevel administration access provides multiple levels of security to Cisco CallManager Administration. This technique permits granting only the required privileges for a selected group of users and limits the configuration functions that users in a particular user group can perform.

Prior to the availability of multilevel administration access, administrators with read/write access to Cisco CallManager configuration could change any or all the database/directory elements that are accessible through Cisco CallManager Administration and Cisco CallManager Serviceability. Users could inadvertently disable the entire system with a few mouse clicks by accidentally modifying the data to which they do not need access.

Key Features

Multilevel administration access provides multiple levels of security to Cisco CallManager Administration. Cisco CallManager Administration functions comprise functional groups. Each functional group can have different access levels, such as no access, read-only access, and full access, to different user groups. Multilevel administration access also provides audit logs of user logins and access and modifications to Cisco CallManager configuration data.

Login Authentication

Prior to the availability of multilevel administration access, Cisco CallManager administrators logged in using a local NT administration account. With multilevel administration access, directory user names and passwords stored in Lightweight Directory Access Protocol (LDAP) provide the basis for login authentication. Multilevel administration access creates a predefined super user called the CCMAdministrator.

The windows registry stores the CCMAdministrator's user ID and encrypted password. Thus, even when the directory is unavailable, CCMAdministrator can log in to take corrective action. When the user attempts direct access by entering a URL in the browser, a login window displays first to authenticate a user.

--------------------------------------------------------------------------------

Note Applications other than Cisco CallManager Administration and Cisco CallManager Serviceability continue to use Windows basic authentication, which provides access to the local administrator. Multilevel administration access does not affect these applications, which include Trace Configuration and the Real-Time Monitoring Tool (RTMT).

--------------------------------------------------------------------------------

Functional Groups

A functional group includes a collection of Cisco CallManager system administration functions. All the web pages that compose each functional group belong to a common administrative menu. Two types of functional groups exist: standard functional groups, which are the default functional groups, and custom functional groups. Standard functional groups are created as part of multilevel administration access installation. Users may define custom functional groups.

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/3_3_5/mla124a/mla_a.html#wpxref43540

Hope this helps!

Rob

0 Helpful
Customers Also Viewed These Support Documents