Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
369
Views
8
Helpful
4
Replies

Unity COS admin rights

jeff.singh_2
Level 3
Level 3

‎10-13-2006 01:44 AM - edited ‎03-18-2019 06:28 PM

I'm trying to set a COS for administrator access to create & delete subscriber accounts.

The administrator with this service should not be able to create reports, look at system, Network etc

But because they can create accounts & manage those account it?s a very simple process to grant your self full admin rights just by changing your own COS

is there a way of stopping that?

Any help pointers would be appreciated..

TIA

J

Labels:
0 Helpful
4 Replies 4

Rob Huffman
Hall of Fame
Hall of Fame

‎10-13-2006 04:51 AM

Hi Jeff,

Have a look at this excellent Unity doc;

Class of Service System Access Settings

CoS access settings specify which tasks subscribers, including other system administrators, can perform in the Cisco Unity Administrator. You can customize access to Cisco Unity in several ways. For example, you can deny access either to the Cisco Unity Administrator or to specific pages within the Cisco Unity Administrator, such as CoS, subscriber, or distribution-list pages.

When you deny access to specific pages within the Cisco Unity Administrator, the links for these pages are disabled for the subscriber. Alternately, you can specify read, edit, add, or delete privileges for these pages or allow subscribers access to subscriber pages for the sole purpose of unlocking subscriber accounts or changing subscriber passwords.

From this good doc;

Create Subscriber Accounts That Can Access Unity Administrator

http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_tech_note09186a00807103d0.shtml#task1

Hope this helps!

Rob

Please remember to rate helpful posts.....

jeff.singh_2
Level 3
Level 3
In response to Rob Huffman

‎10-13-2006 05:26 AM

Rob,

thanks for the reply - my issue is that when I give a subscriber a new COS that has 'system access' and enables them to add subscribers it also enables them to change their own COS to a higher access i.e administrator (full access to the SA page!). I want to be able to change a subscribers COS so that they can only add subscribers and do nothing else.

Cheers

Jeff

0 Helpful

lindborg
Cisco Employee
Cisco Employee
In response to jeff.singh_2

‎10-13-2006 07:28 AM

I think part of the reasoning there is when you create a subscriber you can select the COS (or subscriber template that references the COS) - so even if you can't change your own COS you can create a new user that has more admin rights and log in as that user anyway. The concept of limiting which templates and/or COS instances you have access to when creating a new subscriber is not accounted for (this concept starts to get pretty sticky in a hurry). The admin team's assumption was if you can create subscribers you are a trusted admin. Editing existing subscribers can be much more limited - the idea being you have someone creating subscribers you trust and area managers or the like can change limited numbers of items on those subscribers ongoing.

jeff.singh_2
Level 3
Level 3
In response to lindborg

‎10-16-2006 12:17 AM

Jeff

thanks for confirming.

0 Helpful
Customers Also Viewed These Support Documents