cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1476
Views
0
Helpful
8
Replies

CUCM 8.6.2 Help Desk User Group

Johannes Snyman
Level 1
Level 1

Hi,

i'm trying to create a user group on cucm for our service desk. they should only be able to access the end user configuration pages in order to change PIN/Passwords.

Cisco has a document explaining how to do this (http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/8_0_2/ccmsys/a02mla.html#wp1043930
).

however, after following the doc, the service desk user cannot log in to the ccmadmin webpage. every time login info is entered, the authentication page simply resets. no error  (e.g. invalid password, etc) is provided.

does anyone know how to fix this issue? i've added screenshots to show exactly what i have done.

many thanks!!

johan

8 Replies 8

Aman Soi
VIP Alumni
VIP Alumni

Hi,

Can u try changing from Standard CCM End Users to Standard CCM Admin User and check?

regds,

aman

Hey Aman,

i figured it out:

1. create a custom user role that has read/update privileges to user web pages

2. Create a custom user group that includes the custom role, as well as the Standard CCM Admin Users role.

3. Apply user group to user.

please note that even though the service desk administrator will only be able to get to the end user configuration page with this setup, he'd still be able to change his own user group (to SuperUser, for instance) since the configuration is done on the same webpage.

Hi John,

Good the problem has been solved.

This is what I told or made some mistake.Please let me know.

Can u share the latest snapshot?

regds,

aman

Hi Aman,

i've attached the updated config.

regards,

Johan

Hi John,

So, u need to add CCM End User as well.

thanks.

regds,

aman

no, it's not needed. i've added it because i still want my service desk users to be able to log into the ccm web user pages. it's not necessary for limiting access on ccmadmin webpages.

regards,

Johan

he'd still be able to change his own user group (to SuperUser, for instance) since the configuration is done on the same webpage

 

Has anyone found a work around which stops someone from elevating their own permissions?

Hi Craig,

 

the best solution that i have been able to find is to limit users who can assign administrative privileges to superusers. you obviously need to make sure that only the authorised administrators are assigned to the superuser group.

 

to change this:

System>Enterprise Parameters>User Management Parameters>Allow non-super user to grant access to administrative web pages  - Change the value to False.

 

HTH,

Johan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: