EM 7.5 Unable to access System Passwords -Trying to add an LAPW account

[bobertb]

I wanted to add a LAPW user via Element Manager found I am no longer presented with System Passwords under the Security-Password heading

Per NTP
Adding an LAPW user by using Element Manager
1. Log on to Element Manager using a System password level 2 account that has
Administer Accounts privilege.
2. Click Security > Passwords > System Passwords.
The Password Accounts List page appears.

I only get "Customer Passwords" not "System Passwords" as an option

[li]The LD117 reports its self to be joined to the Security Domain and all Elements are registered.[/li]
[li]I logged into EM using the "admin" account created in UCM and it has every right possible asigned to it.[/li]
[li]I've created a 'test" account in UCM that has every right possible as well[/li]
[li]Still can't get "System Passwords" to show up with either account[/li]
[li]If it makes any difference...both these accounts can log into PDT in the CLI[/li]
Am I maybe actualy not using a "level 2 account" as per the NTP?

 

[KCFLHRC]

In 7.5 since everything is registered to UCM that is where you configure your users.

 

[bobertb]

Thank you KFCLHRC,

I'm still stumped...
I get that you create user accounts in UCM but I need to allow a user only limited access to overlays Ie; LD 10,20,95.

When you create a user account in UCM there is nothing allowing you to lockdown CLI access.(At least that I can find)
You can create a user that has something like "All elements of the type: Call Server"

The info referenced above comes right out of the 7.5 NTP Security Management Fundamentals
Avaya Communication Server 1000. I should be able to at least see the prompt referenced of "System Passwords"

 

[scotthdiv]

You need to define a Role (under Security on the main UCM page) and then assign that role to a user. If I'm not mistaken, after you define a name and description for the new role, you would pick "Call Servers" and then "CS1000". That will bring you to a screen which lets you choose what access users with that role have.

 

[KCFLHRC]

You shouldn't be logging into Element Manager with the admin 2 account anyway, you should be using one of the accounts in UCM.

 

[bobertb]

OK Guys..Got it! Thanks for pointing me in the right direction.

For those who don't want to spend half the day figuring this out yourself...

To add a new user with limited CLI terminal access (aka: LAPW account)
[ul]
[li]Go to UCM Homepage[/li]
[li]ROLES-ADD[/li]
[li]Add a new role name and description of your choice[/li]
[li]SAVE & EXIT[/li]
[li]Role Details[/li]
[li]Add Mapping[/li]
[li]Group Name >Call Servers[/li]
[li]Element Name > CS1000[/li]
[li]NEXT[/li]
[li]Template for permissions set: Default CS1000 Permissions[/li]
[li]Make sure[/li]
[li]Pick & Choose setting you want to allow user[/li]
[li]SAVE[/li]
[li]Back at ROLE DETAILS[/li]
[li]SAVE[/li]
[li]Hit REFRESH to see that you added a new ROLE[/li]
[li]Go back to UCM Home page[/li]
[li]User Services/Administrative Users[/li]
[li]Add your new user to have limited access privileges[/li]
[li]Logout of UCM[/li]
[li]In order for them to login to CLI you have to 1)Log back into UCM with your new users name & temp password 2)Change their password 3)Log out of UCM[/li]
[li]Log into PBX CLI and test that they have access only to what you’ve allowed[/li]
[/ul]*****DONE*****
I haven’t figured out a way for them to change their own password unless you give them access to UCM