cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3750
Views
0
Helpful
12
Replies

Cisco Unity Connection: Give a User Permissions to use RTMT

r.rung
Level 1
Level 1

Hello Cisco Support Community,

 

i'm searching for a way to give a user the permission to use the Real-Time Monitoring Tool.

i tried to give the user the same roles as my default admin acount has (Audit Administrator and System Administrator).

now the user can do all the admin tasks, but when he starts rtmt it gives me: "Access forbidden"

any ideas?

 

i tried it with CUC 9.1(2)SU1

12 Replies 12

ma.romero
Level 2
Level 2

Hi,

Try to add this Role in the Application User or End User:

The user can access to the admin page of cucm but only with read permission and he can access to the RTMT.

Regards.

 

hello romeo,

thanks for the answer, but this does not work in unity connection.

OK, that is for CUCM. So sorry.

Regards

davrojas
Level 3
Level 3

Hello r.rung,

On "searching for a way to give a user" do you mean a mailbox user or an admin user?

If you just try with the System Administrator role do you get the same message?

Are you using an RTMT (Real Time Monitoring Tool) version downloaded from the CUC admin page or are you attempting with the RTMT donwloaded from CUCM?

If you CUC is a cluster have you tried logging into the other node?

 

Have you tried re-installing rtmt?

 

Regards,

9avi9

 

Hello davrojas,

 

thanks for the answer.

basically i wanted to give a mailbox user the right to start rtmt. but for you i tested both:

1. an LDAP Imported mailbox user with the Role "System Administrator"

2. an LDAP Imported admin user with the Role "System Administrator"

3. an AXL-Imported mailbox user with the Role "System Administrator"

all 3 are giving me: Access forbidden. Forbidden

If i type in a different password i get another error, so the authentication works correct.

i tried reinstalling RTMT and the same RTMT works fine for the default admin user which i created in the installation phase.

just to give you an idea why i want to do this: i want to enable Single Singn on for RTMT for Unity Connection. and when i enabled it i need the Permission for an LDAP User because there is no way to enter credentials any more after that.

Hello r.rung,

Unfortunately i must say this is a bottleneck type of situation and expected as this uses the OS admin account. You can only have one OS admin account and several application admin users, you cannot create other separate OS admin accounts.

 

Regards,

9avi9

ok, so this means:

Basically Single Sign on for RTMT Tool is a supported Feature for Unity Connection, but you can't really use it because there is no way to give an ldap user the permission to use RTMT, right?

Hello r.rung,

 

Based on the following link:

 http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/8x/security/guide/8xcucsecx/8xcucsec061.html

 

"

Cisco Unity Connection 8.6 and later versions support the single sign-on feature that allows end users to log in once and gain access to use the following Cisco Unity Connection applications without signing on again:

Cisco Personal Communications Assistant

Web Inbox

Cisco Unity Connection Administration

Cisco Unity Connection Serviceability

"

 

Where exactly did you read it was supported for RTMT (Real Time Monitoring Tool) ?

ohh your right.

i'm sorry. just the availability of the option to enable sso for rtmt is no indication that this is really supported. my mistake...

Hello r.rung,

 

The option to enable sso depends on the version of RTMT (Real Time Monitoring Tool) and the Application you are using it for as well.

 

On the guide below for RTMT version 9.0.1 you will see it is supported for IM and Presence server, but nowhere is CUC mentioned.

 

Cisco Unified Real-Time Monitoring Tool Administration Guide, Release 9.0(1)

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/service/9_0/rtmt/CUCM_BK_CA3A517A_00_cisco-unified-rtmt-administration-90/CUCM_BK_CA3A517A_00_cisco-unified-real-time-monitoring-tool_chapter_01000.html

 

So i think we can wrap this one up  :)

 

Hi

 

Try to create an additional user in CUC CLI using set account command with the privilege 0 or 1, I hope it may workout.

i tried it with the set account cli command, but it gives me: Access is denied, please make sure user name and password ... are correct.

because you can't use an os account for RTMT...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: