You can use Avaya Aura® MS Role Based Access Control (RBAC) when you configure the account management policy to use Avaya Aura® Media Server as the authentication and authorization source.

Using RBAC requires that you create roles for each job function. Next, you define the permission level for each EM task in role. Finally, you can then assign roles that match the job function requirements of each administrator.

The system includes one default administrator with the name admin and with the default role of System Administrator. You cannot modify or delete the default role. You can change the password for the default administrator but you cannot delete the default administrator. The system does not disable the default administrator account after multiple failed login attempts. However, after the configured number of failed login attempts is exceeded, the system generates warning event logs for each default administrator login failure.

In an Avaya Aura® MS cluster, administrators, roles, and permissions are configurable on the Primary media server only. If configuration replication is enabled, changes made on the Primary server are automatically replicated to the other servers in the cluster. You can view but not edit the configuration on the non-Primary servers of the cluster.

You must select Avaya Media Server as the authentication and authorization source to use Avaya Aura® MS RBAC and the procedures in this section.