Re: GrantUnityAccess

tonyw1538 · ‎06-17-2005

We are using Unity 4.0(4) SR1.

Has anybody come up with a clever way to run GrantUnityAccess from a remote workstation (rather than a terminal services or VNC session to the server)?

I would like to be able to allow my account-maintenance person to grant administrative assistants access to their boss' Unity accounts without giving the accounts-maintenance person an interactive session on the server!

One idea would be to create a parameters file, the contents of which could be passed to the "GrantUnityAccess" command that runs as a scheduled task. That is a security nightmare because I cannot really control what gets keyed into that file, and my accounts person cannot see the response to the command (and there is no administrative way to tell if it worked).

If I knew the specific changes made in each SQL table (or if there were an API exposed for this purpose) I suppose I could script a solution and provide a web interface to my accounts administrator.

The ideal solution, of course, would be to expose this feature in the web-based System Administrator utility, but I realize that comment needs to go to my local SE.

Thanks for any ideas you care to share,

- Tony -

lindborg · ‎06-17-2005

Well, if it were me, I'd go to SQL - i have numerous examples on my site for how to do this remotely and call stored procs and such.

The table for this is very simple - it's a mapping of credentials to a subscriber object ID (unique identifier for a subscriber table entry). Pretty basic... if you want to go that route, it is (of course) not tAC supported - but fiddling with the credentials table (i.e. adding entries) is not terribly dangerous. Removing entries is another matter (i.e. you can remove user's rights to access the SA/PCA entirely).

This is certainly going to be easier (and more secure) than firing off scripts remotely that read in files and such...

You can ping me off line if you want more details on the table and how to use it.