We have a helpdesk and we would like to delegate to them the ability to change Unity subscriber information and passwords without sharing the administrator level passwords. I don't see where this is possible from within the Unity Admin pages. Does anyone have an idea of how this can be done? We are using Unity 4(2).1
This is possible via the Subscriber COS.Have a look;
For Unity 4.0.5 and later
Class of Service System Access Settings
Class of service system access settings specify which tasks, if any, subscribers including other system administrators can do in the Cisco Unity Administrator. You can customize access to Cisco Unity in several ways. For example, you can deny access to the Cisco Unity Administrator, or deny access to specific pages in the Cisco Unity Administrator, such as COS, subscriber, or distribution list pages.
When you deny access to specific pages in the Cisco Unity Administrator, the links for these pages are disabled for the subscriber. Alternatively, you can specify read, edit, add, or delete privileges for these pages, or can allow subscribers access to subscriber pages only for the purpose of unlocking subscriber accounts or changing subscriber passwords.
In addition to Rob's excellent post, I have some additional information in case you have multiple Unity servers which need to be handled by your Help Desk. The COS will only work for the Unity server in which your Help Desk are subscribers. If your Help Desk need to administer passwords, for example, on other Unity servers, here is how to do this:
- On each Unity server, create a new subscriber. You can standardize on a name like HelpDesk_unityservername. Use a dummy extension, which you can get from your CallManager's dial plan.
- Put this userid into the COS that has only the SA access required, i.e. authorized to reset subscriber passwords.
- Using the grantunityaccess utility in Unity Tools Depot, associate each Help Desk user's domain account (domain\userid) with this HelpDesk_unityservername userid.
- Repeat this step for each Unity server you have in your environment.
P.S. Kudos and 5-points to Rob for the great response :-)
Thanks for the information it helped a lot. I am using the method Ginger suggested because I have three unity servers that I need them to administer. These boxes are all part of the same AD Domain. Now I have another problem, I can run the GrantUnityAccess from one of the servers, but on the other two I get the following error when I try to run the utility:
In the command syntax, the -s xxxxx must be a local subscriber on that Unity server. If AbrahamBendayan is a subscriber on another Unity server, this is why the command is not working. If that is the case, create a dummy subscriber on the Unity server and give it a dummy phone extension. Assign it to the correct COS. Then rerun the grantunityaccess and use that account for the -s xxxxx.
You have reached the Cisco Logistics Support Center.. To Check Status of
your RMA, visit Product Returns & Replacements (RMA). Need help? Contact
us by Phone or Email. North Americas Phone: 1800 553 2447 Option 4
Email: email@example.com Europe Phone: +3...
The short answer is that you don't.... That isn't entirely true while at
the same time it kind of is, but for the most part you don't configure
the softkeys. You enable or disable them via TCL. Here is the long
answer. Be sure to read the whole thing or e...
Topology: IP Phone > Switches > Microsoft NPS setup to forward 802.1x
proxy to > ISE 2.1 patch 3 Authentication: EAP-TLS using Cisco MIC SANs
Phone Models 802.1X support? 802.1x flavor Addtl Comment EAP-MD5 EAP-TLS
Cisco 3905 Y Y N Cisco 6911 Y Y N Cisco ...