Well, we will finish the first module of our training by explaining how admins are added into CM and how to setup permissions for them. Maybe you have a junior in your deparment, or maybe you want your helpdesk departments to do password resets.
The way it works is like this.
You setup users-profiles in your CM using tutty or ASA. Then you will use the webinterface to create a new admin and assign him the user-profile you desire. At the end, you will use the same webinterface to setup what weboptions will be available to the user.
Here is the list of the commands we will learn here:
- add user-profile
- display user-profile
- list user-profile
- change user-profile
- remove user-profile
- duplicate user-profile
1. ADD USER-PROFILE
This command is used to add a user profile into the system. This user-profile will define what permissions are available to the users that you will be adding to this user profile later. Each user profile has a unique number that starts at 20. As a general rule try to follow the convention: The higher the number, the lesser the privileges. For example, your admin user account will be assigned to the userprofile 20. However, DADMIN (higher admin) has a user profile of 18. For you, the helpdesk user could be userprofile 25.
The Add user-profile will display the following screen:
Now from page 2 to 41 there are a lot of permissions that you can setup to
- no access = type --
- read only access -(will allow the commands: list, display, status) = type r-
- change only access (will allow the commands: add, change, remove) = type w-
- readandwrite access (allows add,change,remove,list,display,status) = type rw
- maintenance type access = type m-
Each permission can be categorised in one of the categories on the first page (from A to R, alphabetically). Now, the problem is that when Avaya implemented the system, they ordered the permission alphabetically and not by category. Now, when you want to setup a permission, you have the set the whole category on the first page to y first. Once you do this though, all the permissions for that category will be set to y. Then you have to go into the system and find them, and disable what you don't want to give to the user/admin. Kind of a nuissance, but the good thing is that every permission has the category it is part of in the name. For example: if you wish to give a user the options to aar analysis only, then you would set the category J to y, then starting from page 2 find all the entries that have the Category J in the second column( aar digit-conversion, ars analysis, etc) and turn them off by entering the -- for the category. Skip the aar analysis as that's what you wanted.
Going back to the image, you have to give the user-profile a name (but remember the most imporant attribute of the user-profile is the number). The name is useful when doing list user-profile so we can easily identify each one.
Also, if you turn shell access then the user will be allowed to ssh into the box as well. Otherwise, the users can access the system via ASA only.
Step 2. Once, you've setup the name and decided what categories you want to give to the user, start with the second page and decide what permissions will be given to the user and what not.
Step 3. Now that we have a user profile defined, we have to define what options we will give to that user-profile on the webinterface. Open a connection to your CM and login with an Admin account - or dadmin if this is the first admin you're creating. Once you are logged in click on Launch Maintenance Web Interface.
Step 4. Once the new page loads you can see all the options you have access to on the left side menu. The permissions that we will be setting up will remove some (or add if that's what you wish) of them for the users that will be associated with the user profile you just created. From this screen click on Web Access Mask under security (last option on the left menu)
Step 5. Click on the Add button to add a new list of permissions and you will see this screen.
In the Access Mask, enter the user-profile that you've added earlier. If you have a lot of options to disable, then select Create and set all values to disable access. If you do this, then when you setup the persmissions, you will find them all deselected and you will have to select what you want to give to the user profile (remember, this is still permissions on the profile, not on the user yet!). If you select the Create and set all values to enable access, then you will have to go under the permission list and deselect what you don't want the user to have access to.
Step 6. At this point you have to select what permission you will give to the user. Depending on what you selected on the previous step you will have to either select or undeselect options. Go back on the Web Access Mask and now you will see your new user-profile in the list as a number. Select it then press the Change Button. You will see this screen
After this step is done, you will have a user-profile that has all the permission (both on the system and on the webinterface) setup. All you have to do from now on is to create new users and assign them to this user-profile. You don't have to create a new user profile for each user.
Step 7. Go under security and select Administrator Accounts. Select Add login and press the submit button. You will see the screen below
Step 8. Under this screen, type the user login name (the user name that will be used to connect to the system) under the Login Name field. Under the Additional groups (profile) setup the user-profile you've selected (22 in this example - will read prof22), setup a password and click on submit.
That's it. The user is created and assigned to the group where you've specified the permissions. From this point onward, if you wish to add more users to the system that have the same permission settings just go to the step 7 directly and setup the user. Just make sure the user is assigned to the right user-profile group. Questions ? Feel free to drop them in the form below and i'll be more than happy to answer them.
I won't go over the change user-profile, list user-profile and remove user-profile unless someone thinks it's necessary. Once you understand how to add a user-profile it's so easy to remove one.
if I have duplicate CM Pri and Sec , do I need to do step 7 on both of them or only Primary id enough ?
Do you know how i can block users-profiles to make “add” station command?
I only need to allow user changing stations, but not adding. Because i have a high control for license consumption.