Solved: TMS permissions

draach-85 · ‎04-03-2013

Hello,

I just wanted to have a user group in TMS, which only is able to book some systems in TMS (13.2.1 with PE). So i created a new group, give them only the permissions to access the booking tab and set the permissions on the hardware endpoints in the system navigator. Everything works fine with hardware systems but when I am going to book a new conference and "Add Participants" I can see the whole Provisioning Users (screenshot).

I could find where I can affect which hardware systems and which phone books I have access to, but I can't find any configuration parameters where I could configure, that the users should not be seen.

Magnus Ohm · ‎04-15-2013

Hi Draach

You cannot disable this access to see users in the current setup of TMS. And this might or might not be a flaw in how it is designed. If you look at the phonebooks permissions you have a lot more detailed permissions you can set. You can provide read access only without letting the user change anything but you cannot do this for the provisioning directory. Its either access or not wich will be a little overkill just to view them in the Add participant window. This is because access to the provisioning users would also give full admin access to modify provisioning settings and such. I agree with you that this might be in a twilight zone but it would have to be a feature request to add in more permissions for the Provisioning Users where read access to the provisioning users can be blocked.

But with the current version what you are trying to achieve is not possible as far as I know.

/Magnus

View solution in original post

ahmashar · ‎04-13-2013

Hi,

If I understood your question correctly, you wanted to set permission on user and groups to have access to certain endpoints but not to all. The permission for users/groups in TMS is based on whether they are Site administrator or Users or Booking, etc.

Currently in TMS based on what permission the users have been given, they can see all endpoints. If you want to set a limit on what they can see, I think you need to break the endpoints in to different domains and when you give access to someone as a booking permission then he/she can only see the endpoints on that domain but not others.

regards, Ahmad

draach-85 · ‎04-15-2013

Hi Ahmad,

what you are explaining I had realized before. I created a separate user group named "booking" and gave them access to some endpoints, but not to all. That works without any problems.

But when they are going to book a conference through the booking tab in TMS, they see the tab "Users" (see the screenshot in the first post) which contains all other users because I did an AD synchronization for Jabber. I want to prevent the users from seeing this "Users" tab.

Regards, Daniel

Magnus Ohm · ‎04-15-2013

Hi Draach

You cannot disable this access to see users in the current setup of TMS. And this might or might not be a flaw in how it is designed. If you look at the phonebooks permissions you have a lot more detailed permissions you can set. You can provide read access only without letting the user change anything but you cannot do this for the provisioning directory. Its either access or not wich will be a little overkill just to view them in the Add participant window. This is because access to the provisioning users would also give full admin access to modify provisioning settings and such. I agree with you that this might be in a twilight zone but it would have to be a feature request to add in more permissions for the Provisioning Users where read access to the provisioning users can be blocked.

But with the current version what you are trying to achieve is not possible as far as I know.

/Magnus