Print

AE Services administrative roles and access privileges (role based access control - RBAC)

AE Services provides role-based access control (RBAC), which establishes the following roles for AE Services administrators (AE Services Management Console access and ssh access). The AE Services server uses the reserved Linux user ID range 500-599 and the reserved Linux group ID range 500-599 for the default AE Services server users and groups.

Role Linux group Linux group ID AE Services Management Console access
System_Administrator susers 555 Read and write access to the following menus:
  • AE Services

  • Communication Manager Interface

  • Licensing

  • Maintenance

  • Networking

  • Security (the System_Administrator does not have access to Account Management, PAM, and Tripwire Properties)

  • Status

  • Utilities

  • Help

noteNote

The System_Administrator role does not have access to User Management.

Security_Administrator securityadmin 505 Read and write access to the following menus in the AE Services Management Console:
  • Security (the Security_Administrator does not have access to Enterprise Directory, Host AA, and Standard Reserved Ports)

  • Status

  • Help

UserSvc_Admin usrsvc_admin 508 Read and write access to the following menus:
  • User Management

noteNote

To acquire the Administrative role for User Management, a user must have an administered account in User Admin (the local LDAP data store) with the Avaya role set to userservice.useradmin.

Auditor users 100 Limited, read-only access to the following menus:
  • Security — access is limited to:

    • Audit

    • Certificate Management

    • Security Database > CTI Users

  • Status

    • Alarm Viewer

    • Logs -- access is limited to:

      • Audit Logs

      • Error Logs

      • Install Logs

      • User Management Service Logs

  • Status > Status and Control — access is limited to:

    • CVLAN Service Summary

    • DLG Service Summary

    • DMCC Service Summary

    • Switch Conn Summary

    • TSAPI Service Summary

  • Help

Backup_Restore backuprestore 507 Limited, read and write access to the following to the following menus:
  • Maintenance — access is limited to:

    • Server Data > Backup

    • Server Data > Restore

  • Help

Avaya_Maintenance avayamaint 506 Limited, read and write access to the following menus in the AE Services Management Console:
  • Maintenance

    • Security Database

    • Service Controller

    • Server Data

  • Status

    • Logs

  • Utilities

    • Diagnostics

  • Help

EASG Administrator easg 510 Read and write access of the EASG option on the PAM Password Manager.