Role Mapping for Prime Collaboration Assurance (PCA) (provider deployment) --------------------------------------------------------------------------- Overview .......... Service providers deploying VOSS Automate use role-based access control (RBAC) to restrict certain management actions to a specific set of users. Administrators at each level have access to the information in all hierarchy levels below them. Prime Collaboration Assurance (PCA) roles are hierarchical, in the following order: ========================== ================================================= 1. Super Administrator Includes all privileges of System Administrator, Network Administrator, Operator, and Help Desk, along with the Super Administrator permissions. 2. System Administrator 3. Network Administrator Includes all privileges of Operator and Help Desk, along with the Network Administrator permissions. 4. Operator Read-only administrative access. 5. Help Desk ========================== ================================================= Role Mapping Between VOSS Automate and PCA ........................................... The table describe how VOSS Automate roles map to the PCA roles. You can view roles in VOSS Automate via (default menus) **Role Management > Roles**. These fields are relevant in VOSS Automate: * Hierarchy Type * Service Assurance Role Type * HCS Component Access PCA roles display in the table in hierarchical order from top to bottom. The role shown in BOLD represents the highest role available. .. tabularcolumns:: |p{3cm}|p{3cm}|p{3cm}|p{3cm}|p{3cm}| +---------------+----------------+----------------------+--------------------------+-------------------------+ | Hierarchy | Service | | Prime Collaboration | | | Type in | Assurance Role | HCS Component Access | Assurance Role | Notes | | VOSS Automate | Type | | | | +===============+================+======================+==========================+=========================+ | | | | | Provider roles are | | | | | | always the top | | | | | | organization unit in | | | | | | the VOSS Automate | | | | | | navigation tree. | | | | | | | | | | | | The Provider roles can | | | | | | see all devices, | | | | | | including shared | | | | | **Super Administrator**, | devices such as Cisco | | Provider | Administrator | Fulfillment and | System Administrator, | Unified Border Element | | | | Service Assurance | Network Administrator | (SP Edition). | | | | | | | | | | | | A Provider with this | | | | | | role has | | | | | | Administrative level | | | | | | access to VOSS Automate | | | | | | and Prime Collaboration | | | | | | Assurance. | +---------------+----------------+----------------------+--------------------------+-------------------------+ | | | | | A Provider with this | | | | | | role has Administrative | | | | Service | | level access to | | | | Assurance | | VOSS Automate and Prime | | | | Only | | Collaboration | | | | | | Assurance. | +---------------+----------------+----------------------+--------------------------+-------------------------+ | | | Fulfillment | Not Applicable | A Provider with this | | | | Only | | role has | | | | | | Administrative level | | | | | | access to VOSS Automate | +---------------+----------------+----------------------+--------------------------+-------------------------+ | | | | | A Provider with this | | | | | | role has | | | | | | Administrative level | | | | Fulfillment | | read-only access to | | | Operator | and Service | **Operator**, Help Desk | VOSS Automate | | | | | | and Prime | | | | | | Collaboration | | | | | | Assurance. | +---------------+----------------+----------------------+--------------------------+-------------------------+ .. tabularcolumns:: |p{3cm}|p{3cm}|p{3cm}|p{3cm}|p{3cm}| +---------------+----------------+----------------------+---------------------------+--------------------------+ | Hierarchy | Service | | Prime Collaboration | | | Type in | Assurance Role | HCS Component Access | Assurance Role | Notes | | VOSS Automate | Type | | | | +===============+================+======================+===========================+==========================+ | | | Service | | A Provider with this | | | | Assurance | | role has | | | | Only | | Administrative level | | | | | | read-only access to | | | | | | VOSS Automate and Prime | | | | | | Collaboration | | | | | | Assurance. | +---------------+----------------+----------------------+---------------------------+--------------------------+ | | | | | A Provider with this | | | | | | role has | | | | Fulfillment | | Administrative level | | | | Only | Not Applicable | read-only access to | | | | | | VOSS Automate and Hosted | | | | | | Collaboration | | | | | | Mediation-Fulfillment. | +---------------+----------------+----------------------+---------------------------+--------------------------+ | | | | | These roles can only | | | | | | see the customer | | | | | | information that | | | | | | belongs to your | | | | | | Reseller organization. | | | | | | | | | | Fulfillment and | | A Reseller with this | | Reseller | Administrator | Service Assurance | **Network Administrator** | role has | | | | | | Administrative level | | | | | | access to VOSS Automate, | | | | | | Hosted Collaboration | | | | | | Mediation-Fulfillment, | | | | | | and Prime | | | | | | Collaboration | | | | | | Assurance. | +---------------+----------------+----------------------+---------------------------+--------------------------+ | | | | | A Reseller | | | | | | with this role | | | | | | has Administrative | | | | Service | **Network Administrator** | level access to | | | | Assurance | | VOSS Automate and Prime | | | | Only | | Collaboration | | | | | | Assurance. | +---------------+----------------+----------------------+---------------------------+--------------------------+ .. tabularcolumns:: |p{3cm}|p{3cm}|p{3cm}|p{3cm}|p{3cm}| +---------------+----------------+----------------------+----------------------------+-------------------------+ | Hierarchy | Service | | Prime Collaboration | | | Type in | Assurance Role | HCS Component Access | Assurance Role | Notes | | VOSS Automate | Type | | | | +===============+================+======================+============================+=========================+ | | | | | A Reseller | | | | | | with this role | | | | | | role has | | | | Fulfillment | | Administrative level | | | | Only | Not Applicable | access to VOSS Automate | | | | | | and Hosted | | | | | | Collaboration | | | | | | Mediation-Fulfillment. | +---------------+----------------+----------------------+----------------------------+-------------------------+ | | | | | A Reseller with this | | | | | | role has | | | | | | Administrative level | | | | Fulfillment | | read-only access to | | | Operator | and Service | **Operator**, Help Desk | VOSS Automate | | | | | | and Prime | | | | | | Collaboration | | | | | | Assurance. | +---------------+----------------+----------------------+----------------------------+-------------------------+ | | | | | A Reseller with this | | | | | | role has | | | | | | Administrative level | | | | Service | **Operator**, Help Desk | read-only access to | | | | Assurance | | VOSS Automate and Prime | | | | Only | | Collaboration | | | | | | Assurance. | +---------------+----------------+----------------------+----------------------------+-------------------------+ | | | | | A Reseller with this | | | | | | role has | | | | Fulfillment | | Administrative level | | | | Only | Not Applicable | read-only access to | | | | | | VOSS Automate. | +---------------+----------------+----------------------+----------------------------+-------------------------+ | | | | | With this role you can | | | | | | only see your own | | | | | | customer information. | | | | | | | | | | | | A Customer with this | | | | Fulfillment and | | role has | | Customer | Administrator | Service Assurance | **Network Administrator**, | Administrative level | | | | | | access to VOSS Automate | | | | | | and Prime | | | | | | Collaboration | | | | | | Assurance. | +---------------+----------------+----------------------+----------------------------+-------------------------+ | | | | | A Customer with this | | | | | | role has Administrative | | | | Service | **Network Administrator**, | level access to | | | | Assurance | | to VOSS Automate and | | | | Only | | Prime Collaboration | | | | | | Assurance. | +---------------+----------------+----------------------+----------------------------+-------------------------+ .. tabularcolumns:: |p{3cm}|p{3cm}|p{3cm}|p{3cm}|p{3cm}| +---------------+----------------+----------------------+---------------------+--------------------------+ | Hierarchy | Service | | Prime Collaboration | | | Type in | Assurance Role | HCS Component Access | Assurance Role | Notes | | VOSS Automate | Type | | | | +===============+================+======================+=====================+==========================+ | | | | | A Customer with this | | | | | | role has | | | | Fulfillment | | Administrative level | | | | Only | Not Applicable | access to VOSS Automate. | +---------------+----------------+----------------------+---------------------+--------------------------+ | | | | | A Customer with this | | | | | | role has | | | | | | Administrative level | | | | Fulfillment | | read-only access to | | | Operator | and Service | Operator, Help Desk | VOSS Automate, Hosted | | | | Assurance | | Collaboration | | | | | | Mediation-Fulfillment, | | | | | | and Prime | | | | | | Collaboration | | | | | | Assurance. | +---------------+----------------+----------------------+---------------------+--------------------------+ | | | | | A Customer with this | | | | | | role has | | | | | | Administrative level | | | | Service | Operator, Help Desk | read-only access to | | | | Assurance | | VOSS Automate and Prime | | | | Only | | Collaboration | | | | | | Assurance. | +---------------+----------------+----------------------+---------------------+--------------------------+ | | | | | A Customer with this | | | | | | role has | | | | Fulfillment | | Administrative level | | | | Only | Not Applicable | read-only access to | | | | | | VOSS Automate and Hosted | | | | | | Collaboration | | | | | | Mediation-Fulfillment. | +---------------+----------------+----------------------+---------------------+--------------------------+ Conditions for Creating DMA or SDR Users .......................................... 1. Synchronize a Domain Manager Adapter (DMA) or Shared Data Repository (SDR) user into VOSS Automate, using LDAP at the Provider hierarchy level. If you add the user manually in VOSS Automate, the user is not pushed to Prime Collaboration Assurance (PCA). 2. Assign each DMA user a DMA role. Check the role of the user in VOSS Automate (**User Management > Users** - **Base** tab), then check the HCS Component Access field (in **Role Management > Roles**) to see if the user has an Assurance role. If the user is assigned a Fulfillment role only, then the user is not pushed to PCA. Changes to User Roles After an LDAP Sync ........................................ If you make role changes to the user after the user is synched into VOSS Automate using LDAP, the changes affect the DMA SDR as follows: * If the role change is from a DMA role to another DMA role, the SDR is updated with the new role name. * If the role change is from a DMA role to a non-DMA role, the SDR user is deleted. * If the SDR user is deleted, and the user is modified so that the user's role is changed to a DMA role again, the DMA SDR User is recreated with the DMA role. * If the user is moved to a different hierarchy level, rules are applied based on the role that the user is moving to. * If a site does not have any DMA roles, then the SDR user is deleted for any user that is moved to the Site hierarchy level. * For DMA roles, the user must be a Provider Administrator, Reseller Administrator, Customer Administrator, or Operator on VOSS Automate. Site Operators are not pushed to DMA.