the cisco CCM features and services guide says:
(The level that you assign to the authorization code determines whether the user can route calls through
FAC-enabled route patterns. To successfully route a
call, the user authorization level must equal or be
greater than the authorization level that is specified
for the route pattern for the call.)
how and where do i assign the user authorization level for FAC?
Maybe this is what you are looking for;
To implement FAC, you must devise a list of authorization levels and corresponding descriptions to define the levels. You must specify authorization levels in the range of 0 to 255. Cisco allows authorization levels to be arbitrary, so you define what the numbers mean for your organization. Before you define the levels, review the following considerations, which represent examples or levels that you can configure for your system:
Configure an authorization level of 10 for interstate long-distance calls in North America.
Because intrastate calls often cost more than interstate calls, configure an authorization level of 20 for intrastate long-distance calls in North America.
Configure an authorization level of 30 for international calls.
Tip Incrementing authorization levels by 10 establishes a structure that provides scalability when you need to add more authorization codes.
Adding Forced Authorization Codes
After you design your FAC implementation, you enter authorization codes either in Cisco CallManager Administration or through the Cisco Bulk Administration Tool (BAT). Consider using BAT for large batches of authorization codes; the comma separated values (CSV) file in BAT serves as a blueprint for authorization codes, corresponding names, and corresponding levels. For future reference, make sure that you update your dial plan documents or keep a printout of the CSV file with your dial plan documents.
To add a small number of authorization codes in Cisco CallManager Administration, perform the following steps:
Step 1 In Cisco CallManager Administration, choose Feature > Forced Authorization Code.
Step 2 In the upper, right corner of the window, click the link, Add a New Forced Authorization Code.
Step 3 Configure the authorization codes by using the configuration settings in Table (Below)
Configuration Settings for FAC
Authorization Code Name
Enter a unique name that is no more than 50 characters. This name ties the authorization code to a specific user or group of users; this name displays in the CDRs for calls that use this code.
Enter a unique authorization code that is no more than 16 digits. The user enters this code when the user places a call through a FAC-enabled route pattern.
Enter a three-digit authorization level that exists in the range of 0 to 255; the default equals 0. The level that you assign to the authorization code determines whether the user can route calls through FAC-enabled route patterns. To successfully route a call, the user authorization level must equal or be greater than the authorization level that is specified for the route pattern for the call.
Step 4 Click Insert.
Step 5 Repeat Step 2 through Step 4 to add all authorization codes.
Step 6 After you add all authorization codes, see the "Enabling Forced Authorization Codes for Route Patterns" section.
From this good doc;
Hope this helps!
I already read this part in the CCM admin guide,
but I'm asking specifically about is this:
as I understood, a user who has FAC auth level equal or greater than the auth level for the route pattern he will permitted to go through...
now, how and where to assign a user auth level for FAC (let's say 10,20,45,....) so that when this user auth level = or greater than R.P auth level the call will go...
Hi MS .. let me try and explain :
1. Assign FAC to different route patterns:
eg. you have two route patterns with FAC enabled:
a. 9001! for international calls with FAC enabled and "Authorization level" is set to 20.
b. 98xxxxxxx for long distance calls with FAC enabled and "Authorization level" is set to
Now you have to create FAC in different Authorization level, for example:
FAC 12345 in Authorization level 10
FAC 54321 in Authorization level 20
The FAC 54321 can use both route pattern a & b, as the Authorization level is higher or
equal to the authorization level defined in the route pattern.
The FAC 12345 can only use the route pattern b. The FAC 12345 can only make long distance
call and it is not permitted to make international calls.
2. user specific FAC.
You can create as many as FACs you want. eg. your company has 1000 users, you can create 1000 FACs with unique number and advise the FACs to different users.
Paul --> 11111 Authorization level 10
Peter ----> 22222 Authorization level 10
Ping ----->33333 Authorization level 20
thanks a lot bjamaspi
u clarifies how FAC works in a very nice way, and make it easy to me now to re-ask my question that still not unaswered, that is,
where precisley do I assign Paul an Authorization level of 10
and Peter Authorization level of 10 and so on...
in the CCM web admin ?
since i did not find any option to assign a user an auth level when i do create this user in the ccm admin ..
You need to go to the user and let him know his FAC code. Let me try once again :
Route Pattern :
1. 9.011! Auth Level 20 (International Calls)
2. 9.@ Auth Level 10 (National )
FAC Code :
1. 12345 Auth Level 20
2. 54321 Auth Level 10
Go to the users and let them know their FAC Codes :
Mr. Jamaspi, your FAC Code is 12345
Mr. MS, your Fac Code is 54321
Hence Jamaspi would be able make National & International calls both however MS would be able to only make National Calls.
Just to add a note to Behram's excellent info. It is important to remember that the FAC Codes are not entered against a user in the user or device profile in CCM. Once the code is created it must be given to the user and is not to be shared (much like a PIN or Password).
Hope this helps!
thanks excellent notes guys !!
but let me make sure for something before closing this ticket that is, if a user (based on Behram's assumptions) has a FAC auth level of 50 then he will be asked for his code and onced entered he will go through (for either one of the two route patterns)
also if a user with auth level of 5 will dial (either one of the route patterns) then he will be prompted for his code but when entered he will be denied from placing his call.
is this right? please correct me if i'm wrong!