cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
545
Views
10
Helpful
3
Replies

Creating Custom account permissions in CUCM

CiscoMS
Level 1
Level 1

Hello all,

 

Just curious if anybody has attempted using AXL or some other scripting to create customer user roles that only have access to specific number ranges, MAC ranges, etc. Also curious if that's even allowed (i'm a little ignorant regarding usage agreements with Cisco, so I like to ask first!). The end goal is to have two different administrators that are each only capable of seeing and making changes to their half of the user base.

 

Currently toying with CUCM 10.5, if that makes a difference.

 

Thanks,

CiscoMS

3 Replies 3

Dennis Mink
VIP Alumni
VIP Alumni

I dont think even with axl that is possible. all permissions in cucm are DB table related. either you can acess them or not, but no partial access as far as I know.

Please remember to rate useful posts, by clicking on the stars below.

@Dennis Mink,

 

Thinking a bit outside the box, do you reckon AXL could be used to restrict access on the front-end? What I mean to say is this. If, say, a SuperUser were to attempt add a directory number to a device, would an AXL application have the capacity to recognize that the returned value from the database does not fall within a specified set of parameters, and stop the process?

For example,

Simple web GUI using AXL to chat with CUCMs API.

1: User logs into web GUI.

2: Credentials are passed to CUCM, which verified that user is a SuperUser.

3: SuperUser uses GUI to attempt adding a line to the device.

4: GUI (using some kind of scripting like JS), determines that the line # does not belong to the SuperUser account and terminates the function, rather than sending the information to CUCM.

 

 

While i'm on the subject, does anybody perhaps have links to resource material for AXL? I'm comfortable with several programming languages, but i'm not at all familiar with AXL. Need some documentation to figure out syntax.

 

I appreciate the response!

CiscoMS

That might be possible if you do the validation yourself and then just send the request if it passes the validation.

 

CUCM permissions are not that granular, the most granular you can get is: either you cannot view a config page, you can only view, or you can view and edit. No way to limit what you can do in that config page.

 

For example, if you have access to the end users page, you have access to all end users, no way to allow only a subset of them, same for any other page.

 

https://youtu.be/yOuQAxYHGZk

 

You can go to DevNet for AXL material.

HTH

java

if this helps, please rate