Configuring Privileges

This chapter contains the following sections:

Overview

Cisco Unity Express software provides several predefined privileges that you can assign to groups. You can also create your own privileges and modify the predefined privileges.

When you assign a privilege to a group, any member of the group is granted the privilege rights. An administrator group is created automatically by the software initialization process from the imported subscribers designated as administrators. You can assign subscribers to an existing group using CLI commands or the GUI option Configure > Users.

When you create or modify privileges, you add or delete the operations allowed by that privilege. Operations define the CLI commands and GUI functions that are allowed. Most operations include only one CLI command and GUI function. In addition to adding operations to a privilege, you can also configure a privilege to have another privilege nested inside of it. A privilege configured with a nested privilege includes all operations configured for the nested privilege.

Table 1 describes the predefined privileges provided with the Cisco Unity Express software and the operations associated with them. Table 2 describes all available operations that you can add to privileges.

note.gif

Noteblank.gif You cannot modify the superuser privilege. The superuser privilege includes all the operations.

To configure privileges, see Creating a New Privilege.

To display a list of privileges, use the show privileges command in Cisco Unity Express EXEC mode. To display detailed information about a specific privilege, use the show privilege detail command.

note.gif

Note Users do not need privileges to access their own data. The user’s data is primarily associated with the voice mail application and includes the user’s:

  • Language (configured for the user’s voice mailbox)
  • Password
  • PIN
  • Membership to groups owned by the user
  • Ownership of groups owned by the user
  • Notification profile
  • Cascade settings
  • Personal voice mail zero out number
  • Voice mail greeting type
  • Voice mail play tutorial flag
  • Public distribution lists owned by the user
  • Private distribution lists

 

Table 1 Privileges

Privilege
Description
Default Operations

superuser

Grants unrestricted system access.

all

Manageprompts

Allows subscribers access to the AvT prompt management but not to any other administrative functions.

prompt.modify
system.debug

broadcast

Allows subscribers to send broadcast messages across the network.

broadcast.local broadcast.remote system.debug

local-broadcast

Allows subscribers to send broadcast messages only to subscribers on the local network.

broadcast.local
system.debug

manage-passwords

Allows subscribers to create, modify, and delete user passwords and PINs.

user.pin
user.password
system. debug

ManagePublicList

Allows subscribers to create and modify public distribution lists.

voicemail.lists. public
system.debug

manage-users

Allows subscribers to create, modify, and delete users.

user.configuration
user.pin
user.password
user.mailbox
user.notification
user.remote, group.configuration system.debug

ViewHistorical
Reports

Allows subscribers to view historical reports.

report.historical

ViewPrivateList

Allows subscribers to view another subscriber’s private distribution lists. The subscriber cannot modify or delete the private lists.

voicemail.lists.private.view

ViewRealTime
Reports

Allows subscribers to view real-time reports.

report.realtime

vm-imap

Allows subscribers to access the IMAP feature.

voicemail.imap.user

Table 2 Operations

Operation
Description

broadcast.local

Create and send broadcast messages to local locations. Delete or reschedule broadcast messages.

broadcast.remote

Create and send broadcast messages to remote locations.

call.control

Configure settings for Cisco Unified CME (SIP) and Cisco Unified Communications Manager (JTAPI).

database.enterprise

Configure Enterprise database settings.

group.configuration

Create, modify, and delete groups.

network.location

Create, modify, and delete network locations, network location caching, and NDR/DDR configuration.

prompt.modify

Create, modify, and delete system prompts for AA scripts. Also includes upload/download of prompts on the CLI.

report.historical.manage

Configure and generate historical reports. Collect data from Cisco Unity Express using the copy command.

report.historical.view

View historical reports.

report.realtime

Run and view real-time reports.

report.voicemail

Run and view voice mail reports.

restriction.tables

Create, modify, and delete restriction tables.

script.modify

Create, modify, and delete system AA scripts. Also include upload and download of scripts on the CLI and Editor Express.

security.aaa

Configure and modify AAA service settings.

security.access

Configure system level security regarding encryption of data, including defining crypto keys.

Note Also includes permission to reload the system.

security.password

Configure settings for the system password and policy, such as:

  • Expiry
  • Lockout (temporary and permanent)
  • History
  • Length

security.pin

Configure settings for the system PIN and policy, such as:

  • Expiry
  • Lockout (temporary and permanent)
  • History
  • Length

services.configuration

Configure system services: DNS, NTP/clock, SMTP, Fax Gateway, Cisco UMG, hostname, domain, interfaces (counters) and system default language.

Note Also includes permission to reload the system.

services.manage

System level services commands not related to configuration like clearing DNS cache and ping

site.configuration

Create, modify, or delete sites for use with Cisco UMG.

software.install

Install, upgrade, or inspect system software or add-ons such as languages and licenses.

Note Also includes permission to reload the system.

spokenname.modify

Create, modify, and delete spoken names for remote locations, remote users, and public distribution lists. Copy spoken names.

system.application

Configure system applications, such as voice mail, auto-attendant, Prompt Management, and so on.

system.backup

Configure backup.

system.calendar

Create, modify, and delete system schedules and holidays.

system.configuration

Configure system settings such as the clock, hostname, domain name, default language, and interfaces (counters).

system.debug

Collect and configure trace and debug data. Includes copying data like core and log files.

system.documents

Manage tiff, general, and template documents.

system.numbers

Create, modify, and delete call-in numbers for voice mail, AA, AvT, and IVR. This includes SIP, JTAPI, and HTTP triggers.

system.sessions

Terminate others voice mail sessions (VVE, SIP, or JTAPI). Unlock locked mailboxes.

system.view

View system settings and configuration.

user.configuration

Create, modify, and delete users and groups, including the configuration of:

  • First and Last Name
  • Nickname
  • Display Name
  • Language

user.mailbox

Create, modify, and delete a user or group voice mailbox.

user.notification

Set or change others notification/cascade profiles.

user.password

Create, set, or remove others passwords.

user.pin

Create, set, or remove others pins.

user.remote

Create, modify, and delete remote users.

voicemail.configuration

Configure system-level voice-mail features:

  • Mailboxes
  • Fax
  • Notification/cascade
  • Non-subscriber options
  • Broadcast
  • TUI config
  • Live-record
  • Live-reply
  • IMAP
  • VVE

voicemail.imap.user

Manage personal voice mail via IMAP client.

voicemail.mwi

Reset/Refresh phone message waiting indicators. Configure SIP MWI delivery.

voicemail.lists.public

Create, modify, and delete public voice mail distribution lists.

voicemail.lists.private.view

(GUI Only) View others private voice mail lists.

webapp.modify

Deploy web applications on Cisco Unity Express.

webapp.control

Start, stop, or restart web applications.

Creating a New Privilege

Use this procedure to create a new privilege and or specify which operations are included in it.

Step 1blank.gif Choose Configure > Privileges. The Privileges Configuration window appears.

Step 2blank.gif Click Add.

Step 3blank.gif Enter a name and description for the privilege.

Step 4blank.gif Select the operations that you want to add to the privilege.

Step 5blank.gif Click Add.

Step 6blank.gif Click Ok to save your changes.

 

Customizing an Existing Privilege

Use this procedure to change or display which operations are included a privilege.

Step 1blank.gif Choose Configure > Privileges. The Privileges Configuration window appears.

Step 2blank.gif Select the privilege that you want to customize.

You might have to change the number of rows per page or select a different page to see the privilege that you want to change.

Step 3blank.gif Select the operations that you want to add to the privilege or deselect the operations that you want to remove.

note.gif

Noteblank.gif Some operations are mandatory and cannot be removed.

Step 4blank.gif Click Apply.

Step 5blank.gif Click Ok to save your changes.

 

Deleting a Privilege

Use this procedure to delete a privilege.

Step 1blank.gif Choose Configure > Privileges. The Privileges Configuration window appears.

Step 2blank.gif Select the privilege that you want to delete.

Step 3blank.gif Click Delete.

Step 4blank.gif Click Ok to save your changes.