Cisco Unity Express Voice-Mail and Auto-Attendant CLI Administrator Guide for 3.0 and Later Versions
OL-14010-09
Chapter 8 Configuring Authentication, Authorization, and Accounting
Configuring Privileges
Configuration Example
In this example, a company wants a security structure with two levels of security administration. The
two levels allow the following actions to be taken by the administrator:
• The first level enables the security administrator to reset the passwords and PINs for users that have
locked themselves out of the system, whether they forgot their password or their account is locked
because of too many failed login attempts. This level will be called PASSWORD RESET.
• The second level enables the security administrator to act as a system guardian by:
– Ensuring that the proper security policies are implemented for issues such as password aging,
account lockout, encryption, authentication, authorization, and accounting
– Ensuring that voicemail messages and other data remain safe from attackers without
overburdening end users with security-related details and tasks
– Monitoring the system to ensure that only legitimate users have access
– Troubleshooting any problems that legitimate users have with accessing the system
– Resetting passwords and PINs for users that have locked themselves out of the system, whether
they forgot their password or their account is locked because of too many failed login attempts
This level will be called SYSTEM GUARDIAN.
When you use the general planning and configuration steps described in the “Configuring Privileges”
section on page 8 to set up the security administration levels for this example, these are the results:
• You have already decided:
– How many levels or categories of user privileges you want to create for your company
– Which functions each privilege will allow your users to perform
There will be two levels, called PASSWORD RESET and SYSTEM GUARDIAN, as described
above.
• After reviewing the predefined privileges to determine whether any of them are similar to the
permissions that you want to give each of your security levels, you find that:
– The predefined privilege called manage-passwords can be used for the security level named
PASSWORD RESET because it has all of the permissions needed to help users that have locked
themselves out of the system.
– The manage-passwords privilege also has a subset of the permissions needed for the security level
named SYSTEM GUARDIAN and is the predefined privilege closest to your requirements.
However, to act as system guardian, the following additional operations will have to be included:
security.access, security.aaa, security.password, security.pin, system.debug, and system.view.
See Table 8-2 on page 10 for more information.
• Use the following commands to configure a privilege for the SYSTEM GUARDIAN security level
by including the predefined privilege manage-passwords and adding the operations listed in the
previous bullet:
se-10-0-0-0(config)# privilege guardian-privilege create
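The following added example (not part of the Cisco guide) checks a privilege definition against the SYSTEM GUARDIAN design above and reports operations that are missing or that exceed the plan. The member and operation keywords in the parsed lines and the sample configuration are assumptions constructed for illustration; only the create command appears on this page.

```python
import re

# Design from this page: manage-passwords plus six added operations.
REQUIRED_MEMBERS = {"manage-passwords"}
REQUIRED_OPS = {"security.access", "security.aaa", "security.password",
                "security.pin", "system.debug", "system.view"}

# Assumed line shape: [prompt] privilege <name> create|member <priv>|operation <op>
LINE_RE = re.compile(
    r"^(?:\S+\(config\)#\s*)?privilege\s+(\S+)\s+"
    r"(create|member|operation)(?:\s+(\S+))?\s*$")

def parse_privileges(config_text):
    """Return {privilege: {"members": set, "operations": set}}."""
    privs = {}
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # unrelated configuration line
        name, verb, arg = m.groups()
        entry = privs.setdefault(name, {"members": set(), "operations": set()})
        if verb == "member" and arg:
            entry["members"].add(arg)
        elif verb == "operation" and arg:
            entry["operations"].add(arg)
    return privs

def audit(privs, name):
    """Compare one privilege with the planned design and report drift."""
    planned = REQUIRED_OPS | REQUIRED_MEMBERS
    entry = privs.get(name)
    if entry is None:
        return {"defined": False, "missing": sorted(planned), "excess": []}
    actual = entry["operations"] | entry["members"]
    return {"defined": True,
            "missing": sorted(planned - actual),  # guardian cannot do its job
            "excess": sorted(actual - planned)}   # more rights than planned

# Constructed sample: system.debug was forgotten, webapp.modify crept in.
SAMPLE = """\
se-10-0-0-0(config)# privilege guardian-privilege create
se-10-0-0-0(config)# privilege guardian-privilege member manage-passwords
se-10-0-0-0(config)# privilege guardian-privilege operation security.access
se-10-0-0-0(config)# privilege guardian-privilege operation security.aaa
se-10-0-0-0(config)# privilege guardian-privilege operation security.password
se-10-0-0-0(config)# privilege guardian-privilege operation security.pin
se-10-0-0-0(config)# privilege guardian-privilege operation system.view
se-10-0-0-0(config)# privilege guardian-privilege operation webapp.modify
"""

if __name__ == "__main__":
    print(audit(parse_privileges(SAMPLE), "guardian-privilege"))
```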
Table 8-2 Operations (continued)
Operation        Description
webapp.modify    Deploy web applications on Cisco Unity Express.
webapp.control   Start, stop, or restart web applications.