Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation

Cisco Unified Communications Manager (CallManager)

CallManager 5.x: Roles and Permissions

Downloads

Document ID: 98796


Contents

Introduction
Prerequisites
      Requirements
      Components Used
      Conventions
CallManager 5.x User Management
Application User
      End User Configuration
Role Management
User Group Configuration
      Assigning Roles to a User Group
      Viewing a User's Roles, User Groups, and Permissions
Troubleshoot
      Login to the Personal Directory Fails
NetPro Discussion Forums - Featured Conversations
Related Information

Introduction

This document describes the roles and privileges of the different user groups in Cisco Unified CallManager 5.x and their management.

Prerequisites

Requirements

Cisco recommends that you have knowledge of Cisco Unified CallManager Administration.

Components Used

The information in this document is based on Cisco Unified Communications Manager 5.1 and 6.x.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

CallManager 5.x User Management

In Cisco Unified CallManager 5.x, user groups comprise lists of application users and end users. A user can belong to multiple user groups. After you add a user group, then you add users to a user group. Afterward, you can proceed to assign roles to a user group. If a user belongs to multiple user groups, the User Management Parameters Effective Access Privileges For Overlapping User Groups and Roles enterprise parameter determines the effective privilege of the user. This parameter determines the method to resolve overlapping resource privilege when a user is a member of more than one user groups and/or a group contains multiple roles. If set to maximum, the user is granted the highest privilege for the resources. If set to minimum, the user is granted the lowest privilege for the resources. The default is maximum.

ccm5-roles-perms1.gif

Application User

Application user configuration allows updates to the application users that are associated with Cisco CallManager. By default, Cisco CallManager Administration includes these application users:

  • CCMAdministrator

  • CCMSysUser

Note: You cannot delete these default application users, but you can change their passwords and modify the lists of devices that they control. By default, the CCMAdministrator password specifies ciscocisco. The person that uses this application user ID should change the default password for this application user after logging on.

End User Configuration

The End User Configuration window in Cisco Unified CallManager Administration allows the administrator to add, search, display, and maintain information about Cisco Unified CallManager end users.

Note: You can add new end users through Cisco Unified CallManager Administration only when synchronization with the corporate LDAP server is disabled. When synchronization is disabled, you can add new users and you can change the settings of existing users, which includes the user ID. If synchronization is enabled, you cannot add new users and you cannot change existing user IDs. However, you can change all other settings for existing end users.

Note: In order to check whether configuration is enabled, use the System > LDAP > LDAP System menu option in Cisco Unified CallManager Administration. If the Enable Synchronizing from LDAP Server check box is not checked, synchronization is not in effect.

ccm5-roles-perms2.gif

Role Management

Roles allow Cisco Unified CallManager administrators who have full administration privilege (access) to configure end users and application users with different levels of privilege. Administrators with full administration privilege configure roles and user groups. In general, full-access administration users configure the privilege of other administration users and end users to Cisco Unified CallManager Administration and to other applications.

Different levels of privilege exist for each application. For the Cisco Unified CallManager Administration application, two levels of privilege exist: read privilege and update privilege. These privilege levels differ:

  • Users with update privilege can view and modify the Cisco Unified CallManager Administration windows to which the user's user group has update privilege.

  • A user with read privilege can view the Cisco Unified CallManager Administration windows that belong to the roles to which the user's user group has read privilege. However, a user with read privilege for a window cannot make any changes on those administration windows to which the user has only read privilege. For a user with read privilege, the Cisco Unified CallManager Administration application does not display any update buttons or icons.

Roles comprise groups of resources for an application. At installation, default standard roles get created for various administrative functions. However, you can create custom roles that comprise custom groupings of resources for an application.

Note: Certain standard roles have no associated application or resource. These roles provide login authentication for various applications.

This section describes how to add a role to Cisco Unified CallManager Administration.

Complete these steps:

  1. Choose User Management > Role.

    The Find and List Roles window displays.

  2. Perform one of these tasks:

    • In order to copy an existing role, locate the appropriate role as described in the Finding a Role section and click the Copy button next to the role that you want to copy. In the popup window that displays, enter a name for the new role and click OK. Continue with step 4.

      Note: Copying a role also copies the privileges that are associated with that role.

    • In order to add a new role, click the Add New button, and continue with step 3.

    • In order to update an existing role, locate the appropriate role as described in the Finding a Role topic and continue with step 4.

  3. If you are adding a new role, choose an application from the Application drop-down list box and click Next.

    ccm5-roles-perms3.gif

  4. In the Role Configuration window that displays, enter the appropriate settings.

  5. Click Save in order to add the role.

    The new role gets added to the Cisco Unified CallManager database.

User Group Configuration

The role and user group menu options in the Cisco Unified CallManager Administration User Management menu allow users with full access to configure different levels of window access for Cisco Unified CallManager administrators. Users with full access configure roles, user groups, and access privileges for roles. In general, full-access users configure the access of other users to Cisco Unified CallManager Administration.

Note: The role Standard CCM Admin Users must be assigned to a user group to enable its members to logon to the CCMAdmin website. The role Standard CCM End Users must be assigned to a user group to enable its members to logon to the CCMUser website.

Assigning Roles to a User Group

Users with full access can assign roles to user groups. A user group that has assigned roles has access to the resources that the role comprises.

Note: When an administrator assigns roles to a user group, the administrator should assign the Standard CCM Admin Users role to the user group. This role enables the users to log into Cisco Unified CallManager Administration.

These steps should be completed to assign roles to a user group in Cisco Unified CallManager Administration:

  1. Choose User Management > User Group.

    The Find and List User Groups windows displays.

  2. Find the user group to which you want to assign roles.

  3. Click the name of the user group for which you want to assign roles.

    The user group that you chose displays. The Users in Group list shows the users that currently belong to the user group.

  4. From the Related Links drop-down list box, choose Assign Role to User Group and click Go.

    The User Group Configuration window changes to display the Role Assignment pane. For the user group that you chose, the list of assigned roles displays. Choose one of these options:

    • In order to assign roles to the user group, go to step 5.

    • In order to delete roles from the user group, go to step 9.

  5. Click Assign Role to Group in order to assign additional roles to the user group.

    The Find and List Roles popup window displays.

  6. If necessary, use the Find Role search criteria to narrow the list of roles.

  7. Choose the roles to assign to this user group by clicking the check boxes next to the role names. In order to close the Find and List Roles popup window without assigning roles to this user group, click Close.

  8. Click Add Selected.

  9. In order to delete an assigned role from the user group, select a role in the Role Assignment pane and click Delete Role Assignment. Repeat this step for each role that you want to delete from this user group.

  10. Click Save.

    The system makes the added and deleted role assignments to the user group in the database.

Viewing a User's Roles, User Groups, and Permissions

This section describes how to view the roles, user groups, and permissions that are assigned to a user that belongs to a specified user group. Use the next procedure to view the roles, user groups, and permissions that are assigned to a user in a user group.

Note: You can also view user roles by using User Management > Application User (for application users) or User Management > End User (for end users) to view a particular user and then display the user roles.

  1. Choose User Management > User Group.

    The Find and List User Groups window displays.

  2. Find the user group that has the users for which you want to display assigned roles.

  3. Click the name of the user group for which you want to view the roles that are assigned to the users.

    The User Group Configuration window displays for the user group that you chose. The Users in Group pane shows the users that belong to the user group.

  4. For a particular user, click the i icon in the Permission column for the user.

    ccm5-roles-perms4.gif

    The User Privilege window displays. For the user that you chose, this information displays:

    • User groups to which the user belongs

    • Roles that are assigned to the user

    • Resources to which the user has access. For each resource, this information displays:

      • Application

      • Resource

      • Permission (read and/or update)

    ccm5-roles-perms5.gif

  5. In order to return to the user, choose Back to User from the Related Links drop-down list box and click Go.

Troubleshoot

Login to the Personal Directory Fails

In Cisco Unified Communications Manager 6.x, if the login to the personal directory fails with the PD Error Message error message, it can be because users had their pins set to change at next login. In order to resolve this issue, go to User Management > User Groups > Standard CCM End Users > Default password and disable it.

NetPro Discussion Forums - Featured Conversations

Networking Professionals Connection is a forum for networking professionals to share questions, suggestions, and information about networking solutions, products, and technologies. The featured links are some of the most recent conversations available in this technology.
NetPro Discussion Forums - Featured Conversations for Voice
Service Providers: Voice over IP
Voice & Video: Voice over IP
Voice & Video: IP Telephony
Voice & Video: IP Phone Services for End Users
Voice & Video: Unified Communications
Voice & Video: IP Phone Services for Developers
Voice & Video: General

Related Information

Updated: Sep 25, 2007Document ID: 98796