Controlling ODBC/JDBC database access (dbaccess)

Last Updated : Dec 19, 2024 |

About this task

By default, the CMS database has open access permissions as a standard feature which allows permission to any CMS login, connecting to CMS through ODBC/JDBC, to view any CMS table.

You can use this process to limit which CMS logins have ODBC/JDBC access to the CMS database.

  • Adding a single CMS login to the dbaccess group disables open access permissions for all users who are not members of the dbaccess group.

  • The dbaccess utility does not provide the ability to control which tables the CMS login has access to, or which ACD data the CMS login can view.

Procedure

  1. Log in to the CMS server with root privileges.

    • To log in as root from a remote connection, you must log in using an CMS user ID, then enter su - root to log on with root privileges

  2. You need to add each CMS login, allowing ODBC/JDBC access to the CMS database, to the Linux group dbaccess.
    1. Enter usermod -G dbaccess cmslogin where cmslogin is the user-id of the specific CMS login to be placed in the group.
    2. Repeat the usermod command for each CMS login for which you want to provide CMS database access
  3. To check which logins are in the dbaccess group, enter: cat /etc/group | grep dbaccess.
  4. Enter cmsadm. The system displays the administration menu.
  5. Select the dbaccess option. The system displays the following message: 
    Begin CMS DB Access Permissions changes
grant resource to "public";
Your CMS database currently has public access permissions to all resources. Do you
wish to revoke this access and only grant access to specific CMS users? [y,n,?]
  6. Enter: Y. The process continues. The system displays the following messages: 
    Please wait while CMS Informix Database permissions are changed.
revoke resource from public;
revoke connect from public;
grant connect to cms;
grant connect to cmssvc;
Revoke resource from public on CMS database.
Please wait while connect permissions are granted for requested users
grant connect to <cmslogin>;
grant connect to <cmslogin>;
...
Changes to CMS DB Access Permissions finished.
    Note:

    The output displays one grant connect message per CMS login, including logins already in the dbaccess group with connect permissions. To remove ODBC/JDBC access permissions for CMS logins, first remove them from the Linux dbaccess group then run dbaccess from theAvaya Call Management System Administration menu. menu

    After the changes are complete, you may use the CMS logins to run ODBC/JDBC clients and access the CMS database.

  7. Remove ODBC/JDBC access permissions for CMS logins from the Linux dbaccess group. Enter: usermod –G “” cmslogin
  8. Enter cmsadm. The system displays the administration menu.
  9. Select the dbaccess option. The system displays the following message: 
    Begin CMS DB Access Permissions changes
Please wait while connect permissions are granted for requested users
grant connect to <cmslogin>;
...
Changes to CMS DB Access Permissions finished.

    The Linux dbaccess group information is reset to only provide access permissions to members remaining in the Linux dbaccess group.

  10. Run the usermod command for each CMS login in the dbaccess group. Enter: 
    usermod –G “” cmslogin1
usermod –G “” cmslogin2
usermod –G “” cmslogin3
  11. Enter cmsadm. The system displays the administration menu.
  12. Select the dbaccess option. The system displays the following message: 
    Begin CMS DB Access Permissions changes
No CMS user ids are in UNIX group dbaccess.
If you proceed, the CMS database will
be set to public permissions access for all resources.
Do you really want to do this? [y,n,?]
  13. Enter: Y. The process restores public permissions to the CMS database. The system displays messages similar to the following: 
    Please wait while CMS Informix Database permissions are set to public.
grant resource to public;
revoke connect from cms;
revoke connect from cmssvc;
Grant resource to public on CMS database.
Changes to CMS DB Access Permissions finished.
Related information
Using the CMSADM menu