With Granular role based access control (RBAC), you can restrict access to resources such as Communication Manager servers, and objects of the resources such as endpoints and hunt groups.
When you create a role, you must select the resources for which a user should have access. You can assign permissions, or a combination of permissions to users. The permissions include adding, editing, deleting, or duplicating objects.
For certain objects, you can provide restricted access for a specific range to achieve range-level granularity of permissions. For example, for endpoints, you can provide access to a particular range of extensions.
Using Granular RBAC, you can define the range for the following Communication Manager objects:
Name |
Supported range |
Endpoint |
Endpoint extension ranges |
Agent |
Agent extension ranges |
Announcement |
Announcement extension ranges |
Audio Group |
1–50 |
Best Service Routing |
1–511 |
Holiday Table |
1–999 |
Variables |
From A-Z and AA-ZZ for all Communication Manager templates |
Vector |
1–8000 |
Vector Directory Number |
Digits |
Vector Routing Table |
1–999 |
Service Hours Table |
1–999 |
Coverage Answer Group |
1–1500 |
Coverage Path |
1–9999 |
Coverage Remote |
1–10000 |
Coverage Time of Day |
1–1000 |
Off PBX Endpoint Mapping |
Off PBX Endpoint Mapping range |
Group Page |
1–999 |
Hunt Group |
1–8000 |
Intercom Group |
1–1024 |
Pickup Group |
1–5000 |
Terminating Extension Group |
1–32 |
Route Pattern |
1–2000 |
Class of Restriction |
0–995 |
Uniform Dial Plan |
UDP range |
The roles and permissions also apply to the classic view apart from the Communication Manager objects mentioned.
Granular RBAC is not applicable when you view the Communication Manager objects by clicking Element Cut Through. However, to access Element Cut Through, you must have the Element Cut Through permissions.
When you assign a role to a user, the range permissions are considered along with the operation permissions.
You must log off and log in for any permission you assign to take effect.
