
CCM 6 Group / Role Security vulnerability!

JeffG1
Level 3

In CCM6, if I create an application user and give them a small subset of rights, such as phone administration, I have noticed that if that admin has the ability to edit end users, they can in turn add end users into administrative groups! This in effect is a major security vulnerability: an administrator with lower rights can create a new end user and give them every role / right to the CCM box (except super user). I have even verified that end user can log into the CCM Admin pages with full rights! What is the point of groups and roles then? Am I missing something?

If I do not give phone administrators the ability to edit end users, the phone administrators cannot change an end user's password or associate phones to their profiles…

1 Reply

wyssd
Level 1

I wish I had a solution. I am trying to sort out the same dilemma. There is little point in trying to limit access if they can elevate themselves to virtually unlimited access by having update abilities for user accounts.
