Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
380
Views
0
Helpful
5
Replies

Unity - Administrative Access activity report

arielroza
Level 1
Level 1

‎03-10-2008 07:18 AM - edited ‎03-18-2019 08:35 PM

Hi, everyone.

I am advising a customer to deal with a potential security breach in his Unity Server.

I advised him to use individual user accounts to administer the server, asigning the Default Administrator CoS to each subscriber.

That worked fine, but when we used the Reports option to generate an Administrative Access report for All administrators, we found that the changes made with the new accounts do not get included in the report.

Are we doing something wrong? are we missing something?

Besides asigning the CoS, I am also using GrantUnityAccess, but as the domain users already have a valid subscriber in Unity, it seems useless...

Thanks!

Ariel

Labels:
0 Helpful
5 Replies 5

Ginger Dillon
VIP Alumni
VIP Alumni

‎03-10-2008 09:24 AM

Hi Ariel -

When you ran the GrantUnityAccess for these users, did you use installer as the default account to be associated with each? Since you already have these users in the Default Admin COS, you should not need the GrantUnityAccess utility, which may be the reason you are not getting the detail information in the Admin Access report. As a test you could remove the users from GrantUnityAccess and then have them perform a couple of subscriber related activities. Rerun the Admin access report. The only reason we use GrantUnityAccess to for our Unity Admins that are not admins on another Unity server, but also need to manage subscribers there. I'm thinking you should be OK without it on that one server.

Ginger

0 Helpful

arielroza
Level 1
Level 1
In response to Ginger Dillon

‎03-10-2008 09:36 AM

Ginger,

No, I tried to associate each Windows account with its corresponding subscriber, which I know now that it's pointless.

The problem I have is that the report seem to only list the action for the EAdmin and Installer profiles only.

I don't want to associate the subscribers to any of those profiles, because I can't distinguish between them in the report.

Am I being clear enough?

Thanks for being there, Ginger.

0 Helpful

Ginger Dillon
VIP Alumni
VIP Alumni
In response to arielroza

‎03-10-2008 10:12 AM

Hi -

I forgot to mention in my previous note, unsure if it matters, but I don't use the default Admin COS. I create a new one that has exactly the administrative access I want to control. For example, you may want the users to be able to add/delete users, but not work with Call Handlers. Or for example, our Help Desk users only have access to resetting voicemail passwords for subscribers on that server. So, are you saying you already removed these users from GrantUnityAccess and had them test making some subscriber updates, and the Admin access report still shows only the EAdmin and installer profiles?

Ginger

0 Helpful

arielroza
Level 1
Level 1
In response to Ginger Dillon

‎03-10-2008 10:31 AM

Ginger,

Almost. I added those users with grantunityaccess -u DOMAIN\User -s User, but running grantunityaccess -l afterwards did not show them in the list.

And because they are not shown, i did nothing to remove them from it.

Yes, I made them update a subscriber, and did not show up in the report.

0 Helpful

arielroza
Level 1
Level 1

‎05-19-2008 07:46 AM

Solved,

We were just not waiting enough time for the data to get included in the reports. That ussually takes around 20 minutes

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents