Table Of Contents
Permissions Set by the Cisco Unity Permissions Wizard
Permissions Set for Exchange 2000
Permissions Set for the Installation Account
User Rights
Group Membership
Active Directory Permissions
Permissions Set For the Directory Services Account
User Rights
Group Membership
Active Directory Permissions
Permissions Set For the Message Store Services Account
User Rights
Group Membership
Exchange Permissions
Permissions Set for Exchange 5.5
Permissions Set for the Installation Account
User Rights
Group Membership
Permissions Set for the Directory and Message Store Services Account
User Rights
Group Membership
Permissions Set by the Cisco Unity Permissions Wizard
This appendix enumerates the permissions set automatically by the Cisco Unity Permissions wizard. Some accounts also require that Exchange permissions be set manually. For more information, see the "Setting Exchange Permissions" section on page 2-54.
This appendix contains the following sections:
•Permissions Set for Exchange 2000
•Permissions Set for Exchange 5.5
For information about using the Permissions wizard, see the "Setting Rights and Permissions with the Cisco Unity Permissions Wizard" section on page 2-50.
Permissions Set for Exchange 2000
Permissions Set for the Installation Account
When you run the Permissions wizard, the following permissions are set for the installation account.
User Rights
The installation account is granted the following user rights:
•Log on as a service.
•Act as part of the operating system.
•Log on as a batch job.
Group Membership
The installation account is added to one of the following groups:
•The Administrators group, when the Cisco Unity server is a domain controller.
•The Local Administrators group, when the Cisco Unity server is not a domain controller.
Active Directory Permissions
If any Exchange 2000 users will be Cisco Unity subscribers (regardless of whether any Exchange 5.5 users will also be Cisco Unity subscribers), the Cisco Unity Permissions wizard sets the permissions listed in Table D-1 for the installation account.
Table D-1 Active Directory Permissions Set by the Cisco Unity Permissions Wizard for the Installation Account
Container
|
Permission
|
Where new users are created
|
Applied onto this object only
•Create User objects
•Create Contact objects
Applied onto User objects
•Read properties
•Write properties
•List contents
•Read permissions
•Modify permissions
•Change password
•Reset Password
•Delete
Applied onto Contact objects
•Read properties
•Write properties
•List contents
•Read permissions
•Modify permissions
•Delete
|
Where new groups are created
|
Applied onto this object only
•Create Group objects
Applied onto Group objects
•Read properties
•Write properties
•List contents
•Read permissions
•Modify permissions
•Delete
|
Where Cisco Unity location objects are created
|
Applied onto this object and all child objects
•Create CiscoEcsbuUMLocation objects
Applied onto CiscoEcsbuUMLocation objects
•Full control
|
Where Cisco Unity Bridge contacts (if any) are created
|
Applied onto this object and all child objects. Set only if Cisco Unity will use the Cisco Unity Bridge.
•Create contact objects
Applied onto contact objects. Set only if Cisco Unity will use the Cisco Unity Bridge.
•Read properties
•Write properties
•List contents
•Read permissions
•Modify permissions
•Delete
|
Where imported objects are imported from
|
Applied onto User objects
•Read properties
•Write properties
•List contents
•Read permissions
•Modify permissions
•Change password
•Reset Password
•Delete
Applied onto Group objects
•Read properties
•Write properties
•List contents
•Read permissions
•Modify permissions
•Delete
Applied onto Contact objects
•Read properties
•Write properties
•List contents
•Read permissions
•Modify permissions
•Delete
|
Root container in the Cisco Unity server's home domain
|
Applied onto this object and all child objects
•Create organizational unit objects
|
Permissions Set For the Directory Services Account
When you run the Permissions wizard, the following permissions are set for the directory services account.
User Rights
The directory services account is granted the following user rights:
•Log on as a service.
•Act as part of the operating system.
•Log on as a batch job.
Group Membership
The directory services account is added to one of the following groups:
•The Administrators group, when the Cisco Unity server is a domain controller.
•The Local Administrators group, when the Cisco Unity server is not a domain controller.
Active Directory Permissions
If any Exchange 2000 users will be Cisco Unity subscribers (regardless of whether any Exchange 5.5 users will also be Cisco Unity subscribers), the Cisco Unity Permissions wizard sets the permissions listed in Table D-2 for the service account.
Table D-2 Active Directory Permissions Set by the Cisco Unity Permissions Wizard for the Directory Services Account
Container
|
Permission
|
Where new users are created
|
Applied onto this object only. Set only if creating users via Cisco Unity Administrator is allowed.
•Create User objects
Applied onto this object only. Set only if creating contacts via Cisco Unity Administrator is allowed.
•Create Contact objects
Applied onto User objects
•Read properties
•Write properties
•List contents
•Read permissions
•Modify permissions
•Change password
•Reset Password
•Delete
Applied onto Contact objects
•Read properties
•Write properties
•List contents
•Read permissions
•Modify permissions
•Delete
|
Where new groups are created
|
Applied onto this object only. Set only if creating groups via Cisco Unity Administrator is allowed.
•Create Group objects
Applied onto Group objects
•Read properties
•Write properties
•List contents
•Read permissions
•Modify permissions
•Delete
|
Where Cisco Unity location objects are created
|
Applied onto this object and all child objects
•Create CiscoEcsbuUMLocation objects
Applied onto CiscoEcsbuUMLocation objects
•Full control
|
Where Cisco Unity Bridge contacts (if any) are created
|
Applied onto this object only. Set only if Cisco Unity will use the Cisco Unity Bridge.
•Create Contact objects
Applied onto Contact objects. Set only if Cisco Unity will use the Cisco Unity Bridge.
•Read properties
•Write properties
•List contents
•Read permissions
•Modify permissions
•Delete
|
Where imported objects are imported from
|
Applied onto User objects
•Read properties
•Write properties
•List contents
•Read permissions
•Modify permissions
•Change password
•Reset Password
•Delete
Applied onto Group objects
•Read properties
•Write properties
•List contents
•Read permissions
•Modify permissions
•Delete
Applied onto Contact objects
•Read properties
•Write properties
•List contents
•Read permissions
•Modify permissions
•Delete
|
Deleted Objects
|
Applied onto child objects in every domain that contains Cisco Unity subscribers or groups
•Read properties
•List contents
|
Permissions Set For the Message Store Services Account
When you run the Permissions wizard, the following permissions are set for the message store services account.
User Rights
The message store services account is granted the following user rights:
•Log on as a service.
•Act as part of the operating system.
•Log on as a batch job.
Group Membership
The message store services account is added to one of the following groups:
•The Administrators group, when the Cisco Unity server is a domain controller.
•The Local Administrators group, when the Cisco Unity server is not a domain controller.
In addition, the message store services account is added to the Exchange Domain Servers group
Caution The account that Cisco Unity message store services log on as cannot be a member of the Domain Admins group or be an Exchange 2000 administrator.
Exchange Permissions
The message store services account is granted the following permissions on every Exchange 2000 mailstore in the Exchange organization:
•Send-As
•Receive-As
Permissions Set for Exchange 5.5
Permissions Set for the Installation Account
When you run the Permissions wizard, the following permissions are set for the installation account.
User Rights
The installation account is granted the following user rights:
•Log on as a service.
•Act as part of the operating system.
•Log on as a batch job.
Group Membership
The installation account is added to one of the following groups:
•The Administrators group, when the Cisco Unity server is a domain controller.
•The Local Administrators group, when the Cisco Unity server is not a domain controller.
Permissions Set for the Directory and Message Store Services Account
When you run the Permissions wizard, the following permissions are set for the directory and message store services account.
User Rights
The directory and message store services account is granted the following user rights:
•Log on as a service.
•Act as part of the operating system.
•Log on as a batch job.
Group Membership
The directory and message store services account is added to one of the following groups:
•The Administrators group, when the Cisco Unity server is a domain controller.
•The Local Administrators group, when the Cisco Unity server is not a domain controller.