Role Based Access Control

Last Updated : Nov 03, 2016 |

Role Based Access Control (RBAC) in System Manager supports two types of roles:

  • Built-in

  • Custom

Built-in roles are the default roles provided by System Manager. You can assign built-in roles to users. You cannot change or delete the permission mappings in the built-in roles.

Some of the important built-in roles and the privileges are as follows:

Role

Privileges and limitations

Auditor

  • Read-only access to the system.

  • Read-only access to logs, configuration information and audit files.

Not allowed to run any commands.

Session Manager and Routing Administrator

Read-write access to the Session Manager and Routing web pages.

Session Manager and Routing Auditor

Read-only access to the Session Manager and Routing web pages.

Security Administrator

  • Create other logins.

  • Create, modify, or assign roles.

  • Install licenses.

  • Install PKI certificates and keys.

Backup Administrator

Perform backups and restores.

System Administrator

  • Read-write access to system parameters.

  • Modify, assign, or define other roles.

  • Create and modify logins and all other functionalities.

Avaya Maintenance and Support

  • Read-only access to maintenance logs.

  • Run diagnostics.

  • View the output of diagnostics tools.

Not allowed to run any command that may provide access to another host.

Custom roles access

The administrator can define custom roles to have access to the Session Manager and Routing web pages.

Note:

Only the following built-in roles provide access to the Session Manager and Routing web pages:

  • Auditor

  • Session Manager and Routing Administrator

  • Session Manager and Routing Auditor

  • System Administrator

  • Avaya Services Administrator

Permissions

With the Session Manager RBAC feature, a system administrator can assign permissions to specific Session Manager and Routing web pages. A user can access or modify only those web pages for which the user is authorized.

The possible permissions include:

  • Total read/write permissions. The administrator can view the page and can make modifications to all of the administered fields which are on the page.

  • Read-only permissions. The administrator can view the entire page, but cannot make any changes to the fields on the page. The administered fields display the current contents, and the buttons are not operational.

Important:

Providing full access to the Session Manager and Routing web pages does not automatically entitle a user to access the following System Manager elements. You must explicitly grant access permissions to these System Manager web pages:

  • Replication

  • Inventory > Manage Elements

  • User Management

On the Permission Mapping page, the administrator can grant the role:

  • Access to all Session Manager and Routing pages.

  • Access to specific pages.