Cisco Unity Installation Guide (With Microsoft Exchange), Release 4.0(1)
Appendix D: Permissions Set by the Cisco Unity Permissions Wizard
Download this chapter
Appendix D: Permissions Set by the Cisco Unity Permissions WizardAppendix D: Permissions Set by the Cisco Unity Permissions Wizard
Download the complete book
PDF Version of Entire BookPDF Version of Entire Book (PDF - 3 MB)
 Feedback

Table Of Contents

Permissions Set by the Cisco Unity Permissions Wizard

Permissions Set for Exchange 2000

Permissions Set for the Installation Account

User Rights

Group Membership

Active Directory Permissions

Permissions Set For the Directory Services Account

User Rights

Group Membership

Active Directory Permissions

Permissions Set For the Message Store Services Account

User Rights

Group Membership

Permissions Set for Exchange 5.5

Permissions Set for the Installation Account

User Rights

Group Membership

Permissions Set for the Directory and Message Store Services Account

User Rights

Group Membership


Permissions Set by the Cisco Unity Permissions Wizard

This appendix enumerates the permissions set automatically by the Cisco Unity Permissions wizard. Some accounts also require that Exchange permissions be set manually. For more information, see the "Setting Exchange Permissions" section.

This appendix contains the following sections:

Permissions Set for Exchange 2000

Permissions Set for Exchange 5.5

For information about using the Permissions wizard, see the "Setting Rights and Permissions with the Cisco Unity Permissions Wizard" section.

Permissions Set for Exchange 2000

Permissions Set for the Installation Account

When you run the Permissions wizard, the following permissions are set for the installation account.

User Rights

The installation account is granted the following user rights:

Log on as a service.

Act as part of the operating system.

Log on as a batch job.

Group Membership

The installation account is added to one of the following groups:

The Administrators group, when the Cisco Unity server is a domain controller.

The Local Administrators group, when the Cisco Unity server is not a domain controller.

Active Directory Permissions

If any Exchange 2000 users will be Cisco Unity subscribers (regardless of whether any Exchange 5.5 users will also be Cisco Unity subscribers), the Cisco Unity Permissions wizard sets the permissions listed in Table D-1 for the installation account.

Table D-1 Active Directory Permissions Set by the Permissions Wizard for the Installation Account 

Container
Permission

Where new users are created

Applied onto this object only

Create User objects

Create Contact objects

Applied onto User objects

Read properties

Write properties

List contents

Read permissions

Modify permissions

Change password

Reset Password

Delete

Applied onto Contact objects

Read properties

Write properties

List contents

Read permissions

Modify permissions

Delete

Where new groups are created

Applied onto this object only

Create Group objects

Applied onto Group objects

Read properties

Write properties

List contents

Read permissions

Modify permissions

Delete

Where Cisco Unity location objects are created

Applied onto this object and all child objects

Create CiscoEcsbuUMLocation objects

Applied onto CiscoEcsbuUMLocation objects

Full control

Where Cisco Unity Bridge contacts (if any) are created

Applied onto this object and all child objects. Set only if Cisco Unity will use the Cisco Unity Bridge.

Create contact objects

Applied onto contact objects. Set only if Cisco Unity will use the Cisco Unity Bridge.

Read properties

Write properties

List contents

Read permissions

Modify permissions

Delete

Where imported objects are imported from

Applied onto User objects

Read properties

Write properties

List contents

Read permissions

Modify permissions

Change password

Reset Password

Delete

Applied onto Group objects

Read properties

Write properties

List contents

Read permissions

Modify permissions

Delete

Applied onto Contact objects

Read properties

Write properties

List contents

Read permissions

Modify permissions

Delete

Root container in the Cisco Unity server's home domain

Applied onto this object and all child objects

Create organizational unit objects


Permissions Set For the Directory Services Account

When you run the Permissions wizard, the following permissions are set for the directory services account.

User Rights

The directory services account is granted the following user rights:

Log on as a service.

Act as part of the operating system.

Log on as a batch job.

Group Membership

The directory services account is added to one of the following groups:

The Administrators group, when the Cisco Unity server is a domain controller.

The Local Administrators group, when the Cisco Unity server is not a domain controller.

Active Directory Permissions

If any Exchange 2000 users will be Cisco Unity subscribers (regardless of whether any Exchange 5.5 users will also be Cisco Unity subscribers), the Cisco Unity Permissions wizard sets the permissions listed in Table D-2 for the service account.

Table D-2 Active Directory Permissions Set by the Permissions Wizard for the Directory Services Account 

Container
Permission

Where new users are created

Applied onto this object only. Set only if creating users via Cisco Unity Administrator is allowed.

Create User objects

Applied onto this object only. Set only if creating contacts via Cisco Unity Administrator is allowed.

Create Contact objects

Applied onto User objects

Read properties

Write properties

List contents

Read permissions

Modify permissions

Change password

Reset Password

Delete

Applied onto Contact objects

Read properties

Write properties

List contents

Read permissions

Modify permissions

Delete

Where new groups are created

Applied onto this object only. Set only if creating groups via Cisco Unity Administrator is allowed.

Create Group objects

Applied onto Group objects

Read properties

Write properties

List contents

Read permissions

Modify permissions

Delete

Where Cisco Unity location objects are created

Applied onto this object and all child objects

Create CiscoEcsbuUMLocation objects

Applied onto CiscoEcsbuUMLocation objects

Full control

Where Cisco Unity Bridge contacts (if any) are created

Applied onto this object only. Set only if Cisco Unity will use the Cisco Unity Bridge.

Create Contact objects

Applied onto Contact objects. Set only if Cisco Unity will use the Cisco Unity Bridge.

Read properties

Write properties

List contents

Read permissions

Modify permissions

Delete

Where imported objects are imported from

Applied onto User objects

Read properties

Write properties

List contents

Read permissions

Modify permissions

Change password

Reset Password

Delete

Applied onto Group objects

Read properties

Write properties

List contents

Read permissions

Modify permissions

Delete

Applied onto Contact objects

Read properties

Write properties

List contents

Read permissions

Modify permissions

Delete


Permissions Set For the Message Store Services Account

When you run the Permissions wizard, the following permissions are set for the message store services account.

User Rights

The message store services account is granted the following user rights:

Log on as a service.

Act as part of the operating system.

Log on as a batch job.

Group Membership

The message store services account is added to one of the following groups:

The Administrators group, when the Cisco Unity server is a domain controller.

The Local Administrators group, when the Cisco Unity server is not a domain controller.

In addition, the message store services account is added to the Exchange Domain Servers group

Caution The account that owns Cisco Unity message store services cannot be a member of the Domain Admins group or be an Exchange 2000 administrator.

Permissions Set for Exchange 5.5

Permissions Set for the Installation Account

When you run the Permissions wizard, the following permissions are set for the installation account.

User Rights

The installation account is granted the following user rights:

Log on as a service.

Act as part of the operating system.

Log on as a batch job.

Group Membership

The installation account is added to one of the following groups:

The Administrators group, when the Cisco Unity server is a domain controller.

The Local Administrators group, when the Cisco Unity server is not a domain controller.

Permissions Set for the Directory and Message Store Services Account

When you run the Permissions wizard, the following permissions are set for the directory and message store services account.

User Rights

The directory and message store services account is granted the following user rights:

Log on as a service.

Act as part of the operating system.

Log on as a batch job.

Group Membership

The directory and message store services account is added to one of the following groups:

The Administrators group, when the Cisco Unity server is a domain controller.

The Local Administrators group, when the Cisco Unity server is not a domain controller.