CICD 210-060

User Management Roles and Groups

CUC Manager CLI Access

From the command-line interface we can perform tasks that we may need in an emergency, such as resetting the administrative password or starting and restarting a service. We can even shut down the system or switch between versions: if you have upgraded from a previous version, the system keeps that version, so if things aren't going well on the upgraded version we can revert to the older version that was running properly. There are several groups of commands. There are show commands, and you can use a question mark to see what the optional parameters are. There is set for parameters, and unset, which disables them. There is file to manage files on the system and run to start a process on the system. We can also use the up and down arrows for the command history.

Command Line Interface is starting up, please wait ...
 
   Welcome to the Platform Command Line Interface
 
VMware Installation:
        2 vCPU: Intel(R) Xeon(R) CPU E5-2430 0 @ 2.20GHz
        Disk 1: 80GB, ERROR-UNSUPPORTED: Partitions unaligned
        2048 Mbytes RAM
 
admin:
      delete*
      file*
      help
      license*
      quit
      run*
      set*
      show*
      unset*
      utils*
     

The error shown above appears because the CUCM wasn't installed using the OVA files provided by Cisco. There is nothing to worry about if you are using such an installation for demo or lab purposes.

Be careful, though: even though the CLI protects you from yourself to some extent, you could inadvertently change something that makes the server less stable. Keep changes to a minimum while you are looking around, and don't delete parameters unless you really know that it is something you need to do, so that you don't bring that server down.

User Management: Roles

There might be different levels of Administrators, as I call them, that you want to have accessing the system. Some of them you might want to give only a read-only view. Maybe it's somebody who just adds users to the system: you don't want them managing phones, devices and other things, but you want them to be able to see that information. That's your read-only. There is also no access, so you can deny people from even getting into certain areas. And then there is full access, which allows you to view and modify everything that is out there. With these roles we really set up groups of resources, organized on a menu basis in our applications. For standard roles, the CCM End users and the CCM Administrative user accounts have already been created. There are other accounts out there too if you take a look, but we can also go in and set up custom roles. We go into that role, say which particular menus we want it to have access to, and then give it the appropriate permissions, read or full access, whatever we want to take place.

Custom Roles

In order to set up custom roles, which I highly advise, you need to know that the areas where we can do this are based on applications. There is the full-blown Administrative page, then Serviceability, and the Telephone Interface, which would be users. Then we also have the Database, Extension Mobility and, of course, the end users themselves, who can manage their own web pages. Now let's say that I want to give someone access to manage route patterns. I would go in and say "okay, I want the Communications Manager Administrative application to be accessible to them, and I want to choose the menu option for the route pattern". Then I would say whether they have no access, read or full control, and I would assign that to them.

User Management: Groups

Now, to assign that user the permission to access, for example, that route pattern, I would set up a group. This is going to be a list of the application users and/or end users that I want to have access to this resource. So I would add a user group first, then add the user that I have created to the group, then assign the role, in my example the route pattern Administrator role, to the group. Users within that group are now going to have the appropriate permissions. If we have two different groups, with a couple of different roles and resources and two different permission levels, what if I were a member of both? What is the default? The default is the maximum privilege level. So if I had full and read I would get full, because that is the maximum level. So as I set these up, I want to take a look and make sure that I am not inadvertently giving someone permissions that they shouldn't have to access certain resources.
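The maximum-privilege rule described above can be checked offline before groups are changed. The following Python sketch is an added example, not part of the original material and not a Cisco tool or API; the group names, user names and resource labels are constructed sample data, and the three access levels follow the ones named in this section.

```python
from collections import defaultdict
from enum import IntEnum

class Access(IntEnum):
    NONE = 0
    READ = 1
    FULL = 2

# Constructed sample data: role -> {(application, menu resource): access level}
ROLES = {
    "Route Pattern Administrator": {("CCM Admin", "Route Pattern"): Access.FULL},
    "Read-Only Viewer": {("CCM Admin", "Route Pattern"): Access.READ,
                         ("CCM Admin", "Phone"): Access.READ},
    "Phone Management": {("CCM Admin", "Phone"): Access.FULL},
}
# Constructed sample data: group -> assigned roles and member users
GROUPS = {
    "Dial Plan Team": {"roles": ["Route Pattern Administrator"], "users": ["alice", "bob"]},
    "Help Desk": {"roles": ["Read-Only Viewer"], "users": ["bob", "carol"]},
    "Phone Team": {"roles": ["Phone Management"], "users": ["carol"]},
}

def group_access(group):
    """Highest access per resource granted by the roles of one group."""
    acc = defaultdict(lambda: Access.NONE)
    for role in GROUPS[group]["roles"]:
        for res, level in ROLES[role].items():
            acc[res] = max(acc[res], level)
    return dict(acc)

def effective_access(user):
    """Maximum privilege across every group the user belongs to."""
    eff = defaultdict(lambda: Access.NONE)
    for group, spec in GROUPS.items():
        if user in spec["users"]:
            for res, level in group_access(group).items():
                eff[res] = max(eff[res], level)
    return dict(eff)

def overlap_findings(user):
    """Resources where one of the user's groups intends less than the user gets."""
    eff = effective_access(user)
    findings = []
    for group, spec in GROUPS.items():
        if user in spec["users"]:
            for res, level in group_access(group).items():
                if level < eff[res]:
                    findings.append((res, group, level.name, eff[res].name))
    return sorted(findings)

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, effective_access(user), overlap_findings(user))
```

Each finding names the group whose intended level is lower than what the user actually receives, which is the case to review before adding a user to a second group.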

Default and Custom Roles

We can utilize the default roles: there are some roles that are set up for phones, users and gateways, and in these default roles the Administrator has no access to anything else. We can create a new group and assign the relevant default roles to it. So you can see these different roles: Gateway Management, Phone Management, User Management. We assign all of those to the group, so now that user has permission to go in and manage those devices.

We can also create custom roles. Say the Administrator should be able to configure phones and users, and to view the Calling Search Space and Partition configuration as well. We don't want the Administrator to have access to anything else, so we'll create a new role, specify the resources and then assign the custom role to that group.