Currently there's nothing on any roadmaps I've seen for customizable roles - I think a few more granular roles may be added to the system.
however it sounds like a custom role isn't really what you want - you want to be able to apply that role to a user who then has a limited scope to apply it (i.e. limit their activity to a defined set of users/handlers/objects). this has been talked about in the context of tenant type application administration but so far as I know nothing is comitted at this point.
I've been toying with the idea of scope access using external tools like Audio Text manager but it's a tough problem to solve well given all the possible links into/off of every object - it'll take a chunk of work.
The suggestion to use a seperate account for admin rights is pretty standard best-practice stuff - as a rule you don't want to have, say, super user (root) rights on the account you log into the network with every day for checking email and such - you want to use a seperate account that you use for special access. The same applies here - as a rule it's best to have your everyday voice mail access account seperate from your super-user admin account. One of those things like not running with scissors, it's just a good idea.
I think custom roles would be a good thing. For example, the User Administrator has a few extra things I'd rather not give to people. A lot of viewing, and some creating/deleting where I wouldn't expect it, i.e. partitions and search spaces.
The tenant based approach is something that I'm looking for as well.
Regarding the seperate userIDs, still not getting the picture. We would only log into the admin console when we would need to do admin things anyways. Having everyone have to remember another userID/password is going to end up with a "group" userID/password, which I think is worse. I'll have to think about that some more.
Any thought about putting the admin console on a different port than the user pages? I'd like to be able to use ACLs to allow only trusted networks to access the admin web pages.
no argument about custom roles - not arguing otherwise. Opening them up for custom setting is a bit more involved than it probably should be (some custom code for enforcing a few of those such as the remote admin role that make it tricky).
The seperate logins is just a suggestion, not a directive - ultimately such things come down to personal taste.
not sure on the ports - something the admin crew and the security OS folks would have to agree on - I can ping the Admin folks for an opinion at any rate...
I created a new account that was given just the help desk role and this user was allowed to change the password of the system administrator. This doesn't seem logical that a help desk user is allowed to change the password of a system administrator. This is UC version 7.
I'm not able to access my old voice mail messages all of a sudden. The recording says something like 'the message is currently not available'. This has never happened before in all the years I have been using this system. I have t...
If you have 2 ISR routers, one acting as Failover, do we need to have both the same number of SRST licenses on the 2 routers?
No. You will only need the SRST licenses on the primary router. Because this feature...