.. _concepts-role-based-access-for-multi-vendor-subscriber:
Role-based Access for Multi Vendor Subscribers
...............................................
Role access profiles define the permissions that allow subscribers to access services and resources.
When provisioning multi vendor services, the system runs validation checks for multi vendor
subscriber against each of four tiers in the system, at the relevant hierarchy. The service must be
enabled at each tier before the system allows access to the service:
================================= ============================================== ======================================================================================================================================
**Validation** **Interface** **Description**
1. Global Settings Admin Portal Enable the service type at the user's hierarchy level, or above.
Navigation (default menu):
**Customization > Global Settings (Enabled
tab)**
2. Entitlement profile Admin Portal Enable the service in the entitlement profile assigned to the subscriber, at the relevant site.
Services can only be provisioned to a subscriber if their entitlement profile allows those services. The entitlement profile lists
Navigation (default menu): the provisioning vendor (per service).
**Entitlement > Profiles**
3. Device management Admin Portal The relevant servers must be installed and configured before a service can be provisioned.
For example, a CUCM server must be installed before
Navigation (default menu): CUCM services, such as phones, can be provisioned.
**Apps Management > Servers** If you have two or more vendors provisioning devices,
VOSS-4-UC verifies that the required servers and devices
are configured and available for your system.
4. Field display policy Admin Portal Clone and edit the default multi vendor subscriber field display policy (default name: ``MultiVendorFDP``).
Configure multi vendor FDP: Enable multi vendor in the Business Admin Portal profile (Base/Details tab, and Subscribers tab), and select the multi vendor FDP to define the services the subscriber
can view and manage in the Business AdminPortal lists, dashboards, and service management screens.
Navigation (default menu) **Customizations >
Field Display Policies**
Enable multi vendor in the Business Admin
Portal profile:
Navigation (default menu) **Customizations >
Business Admin Portal Profiles**
================================= ============================================== ======================================================================================================================================
.. rubric:: Multi Vendor Subscriber Access Validation Example
In this example scenario, a customer admin (or higher) provides a user with site admin role with the
ability to view and edit subscriber voice services. The customer admin wants to control the actions
the site admin may perform.
* Only the Cisco Voice service is enabled for this site admin
* The site admin may edit subscriber services
* The site admin may not add or delete subscriber services
The table describes the configuration steps to set up this scenario, and the result:
========================= ================================================================
**Configuration steps**
#. Ensure the system has multi vendor subscriber functionality
installed.
#. At customer level or above, in the Global Settings
(**Enabled Services tab**), enable CUCM only.
#. In the Entitlement Profile for this user, enable CUCM
Voice Service only.
#. At site level, select **Multi Vendor Enabled** for the
Business Admin Portal access profile for subscribers, and
choose the multi vendor subscriber field display policy
(default name: ``MultiVendorFDP``)
#. At site level, configure the multi vendor subscriber field
display policy for the profile:
* Remove all service cards except Voice.
* Remove Add/Delete fields from the Quick Actions panel.
**Result** The site admin logs in to a multi vendor subscriber enabled
system, at the relevant site hierarchy, and:
* Can view subscriber voice services in the Business
Admin Portal.
* Is unable to add or delete services. Only Edit
is available in the Quick Actions
========================= ================================================================
.. rubric:: Related Topics
*
.. raw:: latex
Role-Based Access in the Core Feature Guide
.. raw:: html
<a href="concepts-role-based-access.html">Role-Based Access</a>
*
.. raw:: latex
Multi Vendor Subscribers in the Core Feature Guide
.. raw:: html
<a href="concepts-multi-vendor-subscribers.html">Multi Vendor Subscribers</a>
*
.. raw:: latex
Global Settings in the Core Feature Guide
.. raw:: html
<a href="concepts-global-settings.html">Global Settings</a>
*
.. raw:: latex
Multi Vendor Subscriber Field Display Policy in the Core Feature Guide
.. raw:: html
<a href="concept-multi-vendor-subscribers-field-display-policy.html">Multi Vendor Subscriber Field Display Policy</a>
*
.. raw:: latex
Business Admin Portal Profiles in the Core Feature Guide
.. raw:: html
<a href="business-admin/concepts-config-BAP-profiles.html">Business Admin Portal Profiles</a>
*
.. raw:: latex
Entitlement in the Core Feature Guide
.. raw:: html
<a href="entitlement.html">Entitlement</a>