Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
439
Views
10
Helpful
3
Replies

Creating Custom account permissions in CUCM

CiscoMS
Level 1
Level 1

‎07-24-2018 03:39 PM - edited ‎03-17-2019 01:14 PM

Hello all,

 

Just curious if anybody has attempted using AXL or some other scripting to create customer user roles that only have access to specific number ranges, MAC ranges, etc. Also curious if that's even allowed (i'm a little ignorant regarding usage agreements with Cisco, so I like to ask first!). The end goal is to have two different administrators that are each only capable of seeing and making changes to their half of the user base.

 

Currently toying with CUCM 10.5, if that makes a difference.

 

Thanks,

CiscoMS

Labels:
0 Helpful
3 Replies 3

Dennis Mink
VIP Alumni
VIP Alumni

‎07-24-2018 06:37 PM

I dont think even with axl that is possible. all permissions in cucm are DB table related. either you can acess them or not, but no partial access as far as I know.

Please remember to rate useful posts, by clicking on the stars below.

CiscoMS
Level 1
Level 1
In response to Dennis Mink

‎07-24-2018 07:50 PM

@Dennis Mink,

 

Thinking a bit outside the box, do you reckon AXL could be used to restrict access on the front-end? What I mean to say is this. If, say, a SuperUser were to attempt add a directory number to a device, would an AXL application have the capacity to recognize that the returned value from the database does not fall within a specified set of parameters, and stop the process?

For example,

Simple web GUI using AXL to chat with CUCMs API.

1: User logs into web GUI.

2: Credentials are passed to CUCM, which verified that user is a SuperUser.

3: SuperUser uses GUI to attempt adding a line to the device.

4: GUI (using some kind of scripting like JS), determines that the line # does not belong to the SuperUser account and terminates the function, rather than sending the information to CUCM.

 

 

While i'm on the subject, does anybody perhaps have links to resource material for AXL? I'm comfortable with several programming languages, but i'm not at all familiar with AXL. Need some documentation to figure out syntax.

 

I appreciate the response!

CiscoMS

0 Helpful

Jaime Valencia
Cisco Employee
Cisco Employee
In response to CiscoMS

‎07-24-2018 08:26 PM

That might be possible if you do the validation yourself and then just send the request if it passes the validation.

 

CUCM permissions are not that granular, the most granular you can get is: either you cannot view a config page, you can only view, or you can view and edit. No way to limit what you can do in that config page.

 

For example, if you have access to the end users page, you have access to all end users, no way to allow only a subset of them, same for any other page.

 

https://youtu.be/yOuQAxYHGZk

 

You can go to DevNet for AXL material.

HTH

java

if this helps, please rate
Customers Also Viewed These Support Documents