 |
Modular Messaging Help
|
|
|
VMSC - VMD - Security Roles Dialog Box
|
This topic describes how to use the Security Roles dialog box to set up members and tasks for Role-Based Access Control (RBAC) in the voice mail domain.
|
Note:
To configure the Security Roles dialog box and use these menu commands, you must be a member of a security role assigned the Security - Administer task. If you are a member of a role assigned the Security - View task, you have read-only access to this dialog box.
|
With RBAC, the members of the role are the people who have the capabilities of the role, and the tasks control what the members of the role are allowed to do.
There are preset roles for 
Servers, 
System Administrator, System Auditor, Subscriber Administrator, Subscriber Auditor, and Subscriber Helpdesk. These are standard configurations with the optimum tasks assigned to the role. You can assign members to these roles.
|
Note:
The preset role for Servers is intended for servers to have access to perform their duties. This role has the full range of system administration and subscriber administration tasks.
|
You can create 
new roles where you can select task assignments from a list, and assign members to these roles.
|
Notes:
- Permission to administer the message store server (Avaya MSS) is controlled by the store itself, not the MAS.
- Security roles apply to all Modular Messaging Windows servers in a voice mail domain, including Web Client servers, MASs, and supplementary servers.
- Changes to roles are enforced as soon as possible by the Modular Messaging Windows servers, but within 5 minutes of the changes. It is not necessary to restart the servers when changes are made to roles.
- You can use security roles to control access to configuring:
- These system administration tools: Voice Mail System Configuration, the parts of the Caller Applications Editor that control deployment, and Password Policy Editor.
- This diagnostic and reporting tool: Port Monitor.
- These subscriber administration tools: Subscriber Options in administrator mode.
- Security roles do not apply to:
- This system administration tool: Visual Voice Editor. You can, however, set the permissions on the prompt files so that only the required users have permissions to write to them.
- These diagnostic and reporting tools: Reporting Tool, Operation History Viewer, Performance Monitoring - Modular Messaging Counters, the Dialogic Line Tester, the Modular Messaging Snapshot Utility, and the MM Audit Log Viewer.
- If you prefer to perform most of your role administration using Windows Active Directory then you could, for example, create a domain group called “MM System Administrators”, and add that as a member of the System Administrator role. You could then grant users permission to administer Modular Messaging by adding them to a Windows group. You should be careful to monitor the membership of this group, however, to ensure that changes do not affect access to Modular Messaging.
|
Preset Roles
- Servers This role is intended for servers to have access to perform their duties. This role has the full range of system administration and subscriber administration tasks.
|
Note:
All MASs in the voice mail domain must be members of this role. When an MAS is added to the voice mail domain, it is added as a member automatically.
|
|
- System Administrator The tasks assigned to this role mean that its members can view and change anything in Voice Mail System Configuration, Port Monitor, Password Policy Editor, and the parts of the Caller Applications Editor that control deployment. This replaces the System Administration ACL that was used in previous versions of Avaya Modular Messaging.
|
Note:
The other administrative and diagnostic tools that run on the MAS are not security controlled.
|
|
- System Auditor The tasks assigned to this role mean that its members have read-only access to all the system administration settings listed above.
- Subscriber Administrator The tasks assigned to this role mean that its members can start Subscriber Options in administrator mode, to administer a mailbox on behalf of a subscriber. This replaces the Subscriber Administration ACL that was used in previous versions of Avaya Modular Messaging.
- Subscriber Auditor The tasks assigned to this role mean that its members have read-only access to all the subscriber administration settings listed above.
- Subscriber Helpdesk The tasks assigned to this role mean that its members can start Subscriber Options in administrator mode. They can reset the fax authorization code, but have view-only access to other settings.
Configuring Customer-Created Roles
You can also create new roles where you can select task assignments from a list. For information on creating, copying, renaming or deleting these roles, see VMSC - VMD - Create/Copy/Rename Roles Dialog Box.
Launching the Security Roles Dialog Box
- In the Voice Mail System Configuration window, click the voice mail domain.
- Double-click
Security Roles.
The system displays preset roles Servers, System Administrator, System Auditor, Subscriber Administrator, Subscriber Auditor, and Subscriber Helpdesk.
There might also be customer-configured roles.
- Double-click on the required role. The system displays the Security Roles dialog box for the selected role.
Tabs Available in this Dialog Box
Top of page
