Built-in roles

Last Updated : Dec 14, 2023 |

Role

Privileges

Auditor

Gives read-only access to logs, configuration information, and audit files. With this role, you cannot run any command.

System Administrator

Gives the super-user privilege.

System Administrator is the single all powerful role. With this role, you can perform operations, such as the following:

  • Backup and restore

  • Scheduling jobs

  • Bulk import and export

  • Tenant administration

  • Geographic Redundancy operations

  • Element and user management

  • Software upgrade

Note:

  • The System Administrator role replaces the Network Administrator role. System Manager does not support the Network Administrator role.

  • The page might not display all privileges that the System Administrator role supports. However, the system maps the permissions by implicit wild card rules.

Avaya Services Administrator

This role is equivalent to the System Administrator role.

Depending on the access level that is set in the E-token Authentication section on the External Authentication page, System Manager assigns this role to the service personnel who logs in to the system through E-token.

Avaya Services Maintenance and Support

Gives read-only access to maintenance logs, the capability to run diagnostics, and view the output of diagnostics tools. Using this role, you cannot run any command that might provide access to another host.

System Manager assigns the role to the service personnel who logs in to the system through E-token. The access level for the role depends on the value that is set in the E-token Authentication section on the External Authentication page.

Backup Administrator

Gives access to create backups, schedule backups, and restore backups.

Service Provider Administrator template

Gives permissions to:

  • Configure the solution

  • Manage the organization hierarchy of tenants. For example, site, department, and team.

  • Assign elements and resource permissions to the site

  • Manage end users for the tenant

  • Manage Tenant Administrators and Site Administrators

Note:

Service Provider Administrator Template is a template role.

Tenant Administrator Template

Gives permissions to:

  • Manage end users for the tenant

  • Communication Manager webpages

Note:

Tenant Administrator Template is a template role.

Discovery Admin

Gives permissions to configure the discovery parameters such as SNMP version, SNMP credentials, the subnetworks, and devices that you require to discover. You also have the permissions to schedule and run a discovery operation.

End-User

The administrator assigns this role to the telephony users.

Important:

You cannot log in to System Manager with the End-User role.

Avaya Breeze Admin

Gives read-write access to the Avaya Breeze® platform configuration.

Avaya Breeze Auditor

Gives read-only access to Avaya Breeze® platform logs, configuration information, and audit files. With the Auditor role, you cannot run any command that might provide access to another host.

Avaya Breeze Server Admin

Gives read and write access to all Avaya Breeze® platform management functionality.

Avaya Breeze Service Profile Admin

Gives write access only for Service Profiles.

Avaya Breeze Services Admin

Gives write access only for Service Management.

Communication Manager Admin

Gives you access and permission to perform all activities related to Communication Manager.

Messaging System Admin

Gives you access and permission to perform all activities related to Messaging or mailbox. You cannot perform any tasks related to Communication Manager as a Modular Messaging administrator.

Presence Admin

Gives read-write access to the Presence configuration.

Presence Auditor

Gives read-only access to logs, configuration information, and audit files. With the Auditor role you cannot run any command that might provide access to another host.

Security Administrator

Gives read-write access to create other logins, create, modify or assign roles, install ASG keys, install licenses, and install PKI certificates and keys.

SIP AS Auditor

Gives read-only access to all SIP Foundation server management functionality.

SIP AS Security Administrator

Gives access to the security features provided by the SIP Foundation server. For example, Security Extension.

SIP AS System Administrator

Gives read and write access to all SIP Foundation server management functionality.

CS1000_Admin1

Gives unrestricted OAM access to most administrative functions and provisioning for all customers on all call servers and related elements. However, the role does not give access to the security and account administration. The role includes basic diagnostic (PDT1) privileges and access to network-level services for deployment, update, and SNMP management for CS 1000 systems. Gives authorization to use all roles on all User Management elements with all permissions.

You can access the following elements:

  • All elements of type: CS 1000

  • All elements of type: Deployment Manager

  • All elements of type: Linux Base

  • All elements of type: Patching Manager

  • All elements of type: SNMP Manager

As this role gives permissions to All elements of type: Linux Base, you cannot use this role if you only require authorization to manage CS 1000 systems. The administrator must create a custom role for the user who requires to manage CS 1000 systems.

CS1000_Admin2

Provides unrestricted OAM access including security and account administration, and provisioning for all customers on all call server elements. The role also includes basic diagnostic (PDT1) privileges and access to network-level services for deployment, patching, SNMP, IPsec and SFTP management for CS 1000 systems.

You can access the following elements:

  • All elements of type: CS1000

  • All elements of type: Deployment Manager

  • All elements of type: IPSec Manager

  • All elements of type: Linux Base

  • All elements of type: Patching Manager

  • All elements of type: Secure FTP Token Manager

  • All elements of type: SNMP Manager

As this role gives permissions to All elements of type: Linux Base, you cannot use this role if you only require authorization to manage CS 1000 systems. The administrator must create a custom role for the user who requires to manage CS 1000 systems.

CS1000_CLI_Registrar

Provides permission to register and unregister each CS 1000 elements, such as Call Server, MGC, and Media Card, using the local device OAM CLI. The role has a single permission value to allow or deny a user to register or unregister an element.

You can access the following elements:

  • All elements of type: CS1000

  • All elements of type: Linux Base

The role does not have CS 1000 security or network level security privileges. The installation and repair technicians specifically require this role.

CS1000_PDT2

Gives full diagnostic and operating system access to all call servers. The role restricts access to administrative functions and customer provisioning data unless combined with another role.

You can access All elements of type: CS1000.

MemberRegistrar

Gives limited access. You can register new members to the primary server.

You can access the following elements:

  • All elements of type: IPSec Manager

  • All elements of type: LinuxBase

Patcher

Gives access to software maintenance functions, such as update and maintenance. You can access the following elements:

  • All elements of type: Linux Base

  • All elements of type: Patching Manager

Service Technician

The system assigns the role to the service personnel when the service personnel connects to customer systems through the e-token. The Service Technician role has limited privileges as compared to the Avaya Services Administrator role.