Solved: UCCX - CUCM Application user "rmuser" lost all permissions

podwats · ‎10-21-2022

we recently experienced an issue where the application user "rmuser" in CUCM lost all permissions. Is there a way to find out how this would happen? is this something that can only be done within the application user management in CUCM?

naturally, when the permissions were lost, we had some serious issues within the call center

cucm version 11.5.1

Thanks in advance!

Maren Mahoney · ‎10-21-2022

In CUCM the Audit Log (which captures all logins and what that login did) is enabled by default. You can use the RTMT to look at the Audit Log and do a search for "rmuser". The activity where the application user account was changed should be captured.

The two ways to look at the Audit Log are with the Audit Log Viewer tool in RTMT or by pulling the raw Audit Log. Of the two, I think you might have better luck with the raw Audit Log file because you can do a straight text string search. The search feature of the Audit Log View tool in RTMT is good but not awesome and you may not hit what you are looking for.

Maren

View solution in original post

Maren Mahoney · ‎10-21-2022

In CUCM the Audit Log (which captures all logins and what that login did) is enabled by default. You can use the RTMT to look at the Audit Log and do a search for "rmuser". The activity where the application user account was changed should be captured.

The two ways to look at the Audit Log are with the Audit Log Viewer tool in RTMT or by pulling the raw Audit Log. Of the two, I think you might have better luck with the raw Audit Log file because you can do a straight text string search. The search feature of the Audit Log View tool in RTMT is good but not awesome and you may not hit what you are looking for.

Maren