Role Mapping for Prime Collaboration Assurance¶
Service providers deploying VOSS-4-UC use role-based access control (RBAC) to restrict certain management actions to a specific set of users. Administrators at each level have access to the information in all hierarchy levels below them.
Prime Collaboration Assurance roles are hierarchical in the following order:
- Super Administrator - Includes all privileges of System Administrator, Network Administrator, Operator, and Help Desk, along with the Super Administrator permissions.
- System Administrator.
- Network Administrator - Includes all privileges of Operator and Help Desk, along with the Network Administrator permissions.
- Operator - Read-only administrative access.
- Help Desk.
VOSS-4-UC roles map to the Prime Collaboration Assurance roles shown in the following table. You can find Roles in VOSS-4-UC under Role Management > Roles. The three drop-down lists that are important in VOSS-4-UC are Hierarchy Type, Service Assurance Role Type, and HCS Component Access.
Prime Collaboration Assurance roles are shown in the following table in hierarchical order from top to bottom. The role shown in BOLD represents the highest role available.
Role Mapping Between VOSS-4-UC and Prime Collaboration Assurance¶
| Hierarchy Type in VOSS-4-UC | Service Assurance Role Type | HCS Component Access | Prime Collaboration Assurance Role | Notes |
|---|---|---|---|---|
| Provider | Administrator | Fulfillment and Service Assurance | Super Administrator, System Administrator, Network Administrator | Provider roles are always the top organization unit in the VOSS-4-UC navigation tree. The Provider roles can see all devices, including shared devices such as Cisco Unified Border Element (SP Edition). A Provider with this role has Administrative level access to VOSS-4-UC and Prime Collaboration Assurance. |
| Service Assurance Only | A Provider with this role has Administrative level access to VOSS-4-UC and Prime Collaboration Assurance. | |||
| Fulfillment Only | Not Applicable | A Provider with this role has Administrative level access to VOSS-4-UC | ||
| Operator | Fulfillment and Service | Operator, Help Desk | A Provider with this role has Administrative level read-only access to VOSS-4-UC and Prime Collaboration Assurance. |
| Hierarchy Type in VOSS-4-UC | Service Assurance Role Type | HCS Component Access | Prime Collaboration Assurance Role | Notes |
|---|---|---|---|---|
| Service Assurance Only | A Provider with this role has Administrative level read-only access to VOSS-4-UC and Prime Collaboration Assurance. | |||
| Fulfillment Only | Not Applicable | A Provider with this role has Administrative level read-only access to VOSS-4-UC and Hosted Collaboration Mediation-Fulfillment. | ||
| Reseller | Administrator | Fulfillment and Service Assurance | Network Administrator | These roles can only see the customer information that belongs to your Reseller organization. A Reseller with this role has Administrative level access to VOSS-4-UC, Hosted Collaboration Mediation-Fulfillment, and Prime Collaboration Assurance. |
| Service Assurance Only | Network Administrator | A Reseller with this role has Administrative level access to VOSS-4-UC and Prime Collaboration Assurance. |
| Hierarchy Type in VOSS-4-UC | Service Assurance Role Type | HCS Component Access | Prime Collaboration Assurance Role | Notes |
|---|---|---|---|---|
| Fulfillment Only | Not Applicable | A Reseller with this role role has Administrative level access to VOSS-4-UC and Hosted Collaboration Mediation-Fulfillment. | ||
| Operator | Fulfillment and Service | Operator, Help Desk | A Reseller with this role has Administrative level read-only access to VOSS-4-UC and Prime Collaboration Assurance. | |
| Service Assurance Only | Operator, Help Desk | A Reseller with this role has Administrative level read-only access to VOSS-4-UC and Prime Collaboration Assurance. | ||
| Fulfillment Only | Not Applicable | A Reseller with this role has Administrative level read-only access to VOSS-4-UC. | ||
| Customer | Administrator | Fulfillment and Service Assurance | Network Administrator, | With this role you can only see your own customer information. A Customer with this role has Administrative level access to VOSS-4-UC and Prime Collaboration Assurance. |
| Service Assurance Only | Network Administrator, | A Customer with this role has Administrative level access to to VOSS-4-UC and Prime Collaboration Assurance. |
| Hierarchy Type in VOSS-4-UC | Service Assurance Role Type | HCS Component Access | Prime Collaboration Assurance Role | Notes |
|---|---|---|---|---|
| Fulfillment Only | Not Applicable | A Customer with this role has Administrative level access to VOSS-4-UC. | ||
| Operator | Fulfillment and Service Assurance | Operator, Help Desk | A Customer with this role has Administrative level read-only access to VOSS-4-UC, Hosted Collaboration Mediation-Fulfillment, and Prime Collaboration Assurance. | |
| Service Assurance Only | Operator, Help Desk | A Customer with this role has Administrative level read-only access to VOSS-4-UC and Prime Collaboration Assurance. | ||
| Fulfillment Only | Not Applicable | A Customer with this role has Administrative level read-only access to VOSS-4-UC and Hosted Collaboration Mediation-Fulfillment. |
Rules for Creating Domain Manager Adapter and Shared Data Repository Users¶
- Synchronize a DMA or SDR user into VOSS-4-UC using LDAP at the Provider hierarchy level. If you add the user manually in VOSS-4-UC, the user is not pushed to Prime Collaboration Assurance.
- Assign each DMA user a Domain Manager Adapter (DMA) role. Check the role of the user in VOSS-4-UC (User Management > Users - Base tab), then check the HCS Component Access field (in Role Management > Roles) to see if the user has an Assurance role. If the user is assigned a Fulfillment role only, then the user is not pushed to Prime Collaboration Assurance.
Changes to User Roles After an LDAP Sync¶
If you make role changes to the user after the user is synched into VOSS-4-UC using LDAP, the changes affect the DMA SDR as follows:
- If the role change is from a DMA role to another DMA role, the SDR is updated with the new role name.
- If the role change is from a DMA role to a non-DMA role, the SDR user is deleted.
- If the SDR user is deleted, and the user is modified so that the user’s role is changed to a DMA role again, the DMA SDR User is recreated with the DMA role.
- If the user is moved to a different hierarchy level, rules are applied based on the role that the user is moving to.
- If a site does not have any DMA roles, then the SDR user is deleted for any user that is moved to the Site hierarchy level.
- For DMA roles, the user must be a Provider Administrator, Reseller Administrator, Customer Administrator, or Operator on VOSS-4-UC. Site Operators are not pushed to DMA.
