Unity 4.0(4) SR1 COS Mult-Level Administration

terrywalker · ‎06-07-2005

What I am trying to accomplish is the following:

I have created two classes of services: UnityAccountSupport and UnityAdministrators

The UnityAccountSupport Class of Service needs to have the ability to read, edit, add and delete subscribers.

The UnityAdministrators needs to have full control over all unity operations.

The issue I am having is this:

If I give all the above stated permissions to the UnityAccountSupport COS, they then have the ability to change their personal or anyone else’s class of service and escalate their privileges from “UnityAccountSupport” to “UnityAdministrators” very easily.

However, if I remove the ADD ability from this class of service, they can no longer change the class of service on any subscriber account.

The purpose of the account creation as these users need the ability to complete the functions stated above.

I have spoken with Cisco TAC, and they stated a feature request is the next process to solving this issue.

Has anyone ran across this situation before and can give some guidance.

Thanks

bemai · ‎06-07-2005

You're running into a defect in versions 4.0(4) and earlier. It is fixed in Unity 4.0(5). Unfortunately, there is no workaround.

bemai · ‎06-08-2005

Bug ID is http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsa66850&Submit=Search

I updated the RNE yesterday to note that the defect is fixed in 4.0(5).

terrywalker · ‎06-08-2005

Does anyone know if there is an Engineering Special that addresses the fix?