So we ran into this strange problem with our CUC 8.6. We have techs assigned to the Helpdesk role. They can reset the Voicemail PINs for almost all users save for a handful. When they attempt to reset the PINs for these users they get a Not Authorized error. What could be the cause of this?
Probably those handful of users that cannot be reset have higher Roles as Admin or Audit and therefore you cannot change them.
Hmm, we checked his roles and indeed he has the Helpdesk role and the other user has no roles. Funny thing too we just noticed is that this particular Helpdesk tech cannot modify other Helpdesk techs PINS, but they *can modify his..
Can you please check the user privilleges and try Assign system administrator role for the account to allow the reset/modify the operation .
Hi Nadeem, unfortunately we cannot assign him systems admin role, he's with our helpdesk group. My account as a system admin has not issues resetting users PINs.
Check some of these out:
Some existing bugs> CSCtn59526 CUC - Account with User Administrator role cannot delete users CSCtd45141 Cisco Unity Privilege Escalation Vulnerability CSCsl92087 (registered customers only) —CUC 2.0 Helpdesk Administrator Role does not allow user to unlock accounts
look like to me issue with this , an DDTs was opened to addressed to Vulnerability, may that's the reason HELPDESK not able to change the same. there is no workaround to this.
Cisco Unity Privilege Escalation Vulnerability
Please rate all useful post.
Awesome thank you everyone for your response.
A somewhat related question:
Of the roles in CUC 8.6:
Audio Text Admin
Help Desk Admin
Mailbox Access Delegate
Which of these roles can a Helpdesk Admin role user be able to change their PINs?
If you check the guide the Help Desk is more than enough to change PIN's, however there is a catch, you cannot change them for users that have higher privileges otherwise it would be a Privilege Escalation:
Some existing bugs> CSCtn59526 CUC - Account with User Administrator role cannot delete users
CSCsl92087 (registered customers only) —CUC 2.0 Helpdesk Administrator Role does not allow user to unlock accounts
Help Desk Administrator
This role allows an administrator to reset user passwords and PINs, unlock user accounts, and view user setting pages.
Note The "Manage Call Handlers Belonging To Users Only - View Only" privilege refers to the primary call handler assigned to a user that include all greetings, transfer rules, and menu entries that you see on the User's page under the Roles section.
You mentioned "for almost all users save for a handful", due to the escalation issue this would be expected unless you assign the Help Desk role the same or higher privileges than of those who they are wishing to change.
Thanks for the response.
So how can we assign the Help Desk role higher privileges than the User Administrator and Greetings Administrator roles?