10-13-2006 01:44 AM - edited 03-18-2019 06:28 PM
I'm trying to set a COS for administrator access to create & delete subscriber accounts.
The administrator with this service should not be able to create reports, look at system, Network etc
But because they can create accounts & manage those account it?s a very simple process to grant your self full admin rights just by changing your own COS
is there a way of stopping that?
Any help pointers would be appreciated..
TIA
J
10-13-2006 04:51 AM
Hi Jeff,
Have a look at this excellent Unity doc;
Class of Service System Access Settings
CoS access settings specify which tasks subscribers, including other system administrators, can perform in the Cisco Unity Administrator. You can customize access to Cisco Unity in several ways. For example, you can deny access either to the Cisco Unity Administrator or to specific pages within the Cisco Unity Administrator, such as CoS, subscriber, or distribution-list pages.
When you deny access to specific pages within the Cisco Unity Administrator, the links for these pages are disabled for the subscriber. Alternately, you can specify read, edit, add, or delete privileges for these pages or allow subscribers access to subscriber pages for the sole purpose of unlocking subscriber accounts or changing subscriber passwords.
From this good doc;
Create Subscriber Accounts That Can Access Unity Administrator
http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_tech_note09186a00807103d0.shtml#task1
Hope this helps!
Rob
Please remember to rate helpful posts.....
10-13-2006 05:26 AM
Rob,
thanks for the reply - my issue is that when I give a subscriber a new COS that has 'system access' and enables them to add subscribers it also enables them to change their own COS to a higher access i.e administrator (full access to the SA page!). I want to be able to change a subscribers COS so that they can only add subscribers and do nothing else.
Cheers
Jeff
10-13-2006 07:28 AM
I think part of the reasoning there is when you create a subscriber you can select the COS (or subscriber template that references the COS) - so even if you can't change your own COS you can create a new user that has more admin rights and log in as that user anyway. The concept of limiting which templates and/or COS instances you have access to when creating a new subscriber is not accounted for (this concept starts to get pretty sticky in a hurry). The admin team's assumption was if you can create subscribers you are a trusted admin. Editing existing subscribers can be much more limited - the idea being you have someone creating subscribers you trust and area managers or the like can change limited numbers of items on those subscribers ongoing.
10-16-2006 12:17 AM
Jeff
thanks for confirming.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide