07-24-2015 10:37 AM - edited 03-13-2019 09:04 PM
What roles are required for the Unity Connection user for the VCS Expressway-C configuration? I'm assuming Cisco wants the service account to have system administrator, but I would prefer not to do that for obvious reasons. Haven't been able to find anything other than "enter the credentials" in the documents.
07-24-2015 12:49 PM
It would help if you properly explain exactly what you're trying to do, and not mix terms.
Either you have a VCS-E, or an expressway-C.
07-28-2015 11:56 AM
What I have is a VCS-Expressway Core and a VCS Expressway Edge. I am going through the document for MRA, or the remote access for the Jabber clients. On the Core, I need to specify the Unity Connection server, and it is asking for a user/pass. There is no explanation in the document as to what the perms/roles need to be for said user. If I go to the VCS Unity Connection configuration guide, it talks about setting up a SIP trunk for endpoints that are registered to the VCS Control; there is nothing I have found other than the MRA configuration guide for the Expressway Core configuration.
I agree the naming of the products is confusing, especially when you are trying to learn.
07-29-2015 01:01 PM
Use the Unity Connection cluster application administrator ID. Expressway uses that ID to query the nodes and pull hostname information so it can add Unity Connection nodes to the HTTP allow list. Prior versions of Expressway did not include this automatic query and you had to modify the HTTP allow list manually. AFAIK that is all the Expressway to Unity Connection query does.
08-02-2015 10:43 PM
Yeah, figured Cisco wants the "god" account again. Horrible. I've never been a fan of the "we're not going to tell you what permissions are actually needed, just give me everything" approach. But it is an easy way to do it. Especially becomes a problem when you only have one "god" account and someone changes the password and random things start breaking. Always create a separate account.
08-03-2015 06:06 AM
The issue you've described above isn't a technology problem. If you're concerned about the admin account password being reset randomly you should look at new methods of managing the system. RBAC is available.
09-19-2016 03:21 PM
Have the same question. Customer requires hardening and is requesting the absolute minimum role necessary for VCS-C to communicate successfully with Unity. If no answer here, I will open a TAC or PDI case.
09-19-2016 08:50 PM
I don't think there's any documentation that explains what is the exact role that is required for the integration to CUCM, IM&P or CUC. I guess the assumption is that you'll use one user who has admin privileges. Bear in mind that CUC just provides a limited set of roles.
12-04-2016 06:05 AM
That is not entirely correct.
CUCM (and thus implicitly IM&P, as more recently they have been integrated) requires a user with AXL API access rights.
There is a standard Role for it, but not a Standard access group that is delimited to only this.
However you can do one group with only this role in it and add your limited CUCM end-user to only this group.
There is probably something similar for Unity as well, but unfortunately I have no Unity/VCS/Expressway setup on hand right now to test this.
Looking at roles in Unity I would hazard a "remote administrator" role may be the one.
This user is really only used to query members of a cluster from the publisher. For CUCM & IM&P this is an AXL query, for Unity (if I'm not mistaken) it's based on the REST API.
Once the servers have been queried, this user is not actively used in day-to-day operations (you can delete it or change its password and services would keep functioning as before, but if for any reason the servers would need to be refreshed again, that would fail of course).
03-07-2017 08:47 AM
For those still looking at this question - I did a little poking, first creating a separate appuser "service account" and found that:
Is what it is I suppose, but would be nice if the MRA documentation was at least clear on this point for CUC.