Role Mapping for PCA (provider deployment)
Overview
Service providers deploying VOSS Automate use role-based access control (RBAC) to restrict certain management actions to a specific set of users. Administrators at each level have access to the information in all hierarchy levels below them.
Prime Collaboration Assurance (PCA) roles are hierarchical, in the following order:
Includes all privileges of System Administrator, Network Administrator, Operator, and Help Desk, along with the Super Administrator permissions.
Includes all privileges of Operator and Help Desk, along with the Network Administrator permissions.
Read-only administrative access.
Role Mapping Between VOSS Automate and PCA
The table describes how VOSS Automate roles map to the PCA roles.
You can view roles in VOSS Automate via (default menus) Role Management > Roles.
These fields are relevant in VOSS Automate:
Hierarchy Type
Service Assurance Role Type
HCS Component Access
PCA roles display in the table in hierarchical order from top to bottom. The role shown in BOLD represents the highest role available.
| Hierarchy Type in VOSS Automate | Service Assurance Role Type | HCS Component Access | Prime Collaboration Assurance Role | Notes |
|---|---|---|---|---|
| Provider | Administrator | Fulfillment and Service Assurance | Super Administrator, System Administrator, Network Administrator | Provider roles are always the top organization unit in the VOSS Automate navigation tree. The Provider roles can see all devices, including shared devices such as Cisco Unified Border Element (SP Edition). A Provider with this role has Administrative level access to VOSS Automate and Prime Collaboration Assurance. |
| | | Service Assurance Only | | A Provider with this role has Administrative level access to VOSS Automate and Prime Collaboration Assurance. |
| | | Fulfillment Only | Not Applicable | A Provider with this role has Administrative level access to VOSS Automate. |
| | Operator | Fulfillment and Service Assurance | Operator, Help Desk | A Provider with this role has Administrative level read-only access to VOSS Automate and Prime Collaboration Assurance. |
| | | Service Assurance Only | | A Provider with this role has Administrative level read-only access to VOSS Automate and Prime Collaboration Assurance. |
| | | Fulfillment Only | Not Applicable | A Provider with this role has Administrative level read-only access to VOSS Automate and Hosted Collaboration Mediation-Fulfillment. |
| Reseller | Administrator | Fulfillment and Service Assurance | Network Administrator | These roles can only see the customer information that belongs to your Reseller organization. A Reseller with this role has Administrative level access to VOSS Automate, Hosted Collaboration Mediation-Fulfillment, and Prime Collaboration Assurance. |
| | | Service Assurance Only | Network Administrator | A Reseller with this role has Administrative level access to VOSS Automate and Prime Collaboration Assurance. |
| | | Fulfillment Only | Not Applicable | A Reseller with this role has Administrative level access to VOSS Automate and Hosted Collaboration Mediation-Fulfillment. |
| | Operator | Fulfillment and Service Assurance | Operator, Help Desk | A Reseller with this role has Administrative level read-only access to VOSS Automate and Prime Collaboration Assurance. |
| | | Service Assurance Only | Operator, Help Desk | A Reseller with this role has Administrative level read-only access to VOSS Automate and Prime Collaboration Assurance. |
| | | Fulfillment Only | Not Applicable | A Reseller with this role has Administrative level read-only access to VOSS Automate. |
| Customer | Administrator | Fulfillment and Service Assurance | Network Administrator | With this role you can only see your own customer information. A Customer with this role has Administrative level access to VOSS Automate and Prime Collaboration Assurance. |
| | | Service Assurance Only | Network Administrator | A Customer with this role has Administrative level access to VOSS Automate and Prime Collaboration Assurance. |
| | | Fulfillment Only | Not Applicable | A Customer with this role has Administrative level access to VOSS Automate. |
| | Operator | Fulfillment and Service Assurance | Operator, Help Desk | A Customer with this role has Administrative level read-only access to VOSS Automate, Hosted Collaboration Mediation-Fulfillment, and Prime Collaboration Assurance. |
| | | Service Assurance Only | Operator, Help Desk | A Customer with this role has Administrative level read-only access to VOSS Automate and Prime Collaboration Assurance. |
| | | Fulfillment Only | Not Applicable | A Customer with this role has Administrative level read-only access to VOSS Automate and Hosted Collaboration Mediation-Fulfillment. |
Conditions for Creating DMA or SDR Users
Synchronize a Domain Manager Adapter (DMA) or Shared Data Repository (SDR) user into VOSS Automate, using LDAP at the Provider hierarchy level.
If you add the user manually in VOSS Automate, the user is not pushed to Prime Collaboration Assurance (PCA).
Assign each DMA user a DMA role. Check the role of the user in VOSS Automate (User Management > Users - Base tab), then check the HCS Component Access field (in Role Management > Roles) to see if the user has an Assurance role. If the user is assigned a Fulfillment role only, then the user is not pushed to PCA.
Changes to User Roles After an LDAP Sync
If you make role changes to the user after the user is synched into VOSS Automate using LDAP, the changes affect the DMA SDR as follows:
If the role change is from a DMA role to another DMA role, the SDR is updated with the new role name.
If the role change is from a DMA role to a non-DMA role, the SDR user is deleted.
If the SDR user is deleted, and the user is modified so that the user’s role is changed to a DMA role again, the DMA SDR User is recreated with the DMA role.
If the user is moved to a different hierarchy level, rules are applied based on the role that the user is moving to.
If a site does not have any DMA roles, then the SDR user is deleted for any user that is moved to the Site hierarchy level.
For DMA roles, the user must be a Provider Administrator, Reseller Administrator, Customer Administrator, or Operator on VOSS Automate. Site Operators are not pushed to DMA.
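The mapping table and the push conditions above (LDAP-synced users only, no Fulfillment-only roles) can be turned into a reconciliation check that flags PCA accounts the mapping does not account for. This is an added example, not VOSS or Cisco code: the record layouts, usernames and the `expected_pca_roles` and `audit` helpers are assumptions, and it assumes both Assurance-capable access values of a role type share one PCA role set.

```python
# Added example; record layouts are assumptions, not a VOSS Automate or PCA export format.
FULL = "Fulfillment and Service Assurance"
SA_ONLY = "Service Assurance Only"
F_ONLY = "Fulfillment Only"

# (hierarchy type, role type) -> PCA roles listed in the mapping table on this page.
# Assumption: both Assurance-capable access values of a role type share one PCA role set.
PCA_ROLES = {
    ("Provider", "Administrator"): {"Super Administrator", "System Administrator",
                                    "Network Administrator"},
    ("Provider", "Operator"): {"Operator", "Help Desk"},
    ("Reseller", "Administrator"): {"Network Administrator"},
    ("Reseller", "Operator"): {"Operator", "Help Desk"},
    ("Customer", "Administrator"): {"Network Administrator"},
    ("Customer", "Operator"): {"Operator", "Help Desk"},
}

def expected_pca_roles(user):
    """PCA roles the page allows for one VOSS Automate user (empty set: not pushed)."""
    hierarchy, role_type, access, ldap_synced = user
    if not ldap_synced or access == F_ONLY:
        return set()  # manually added or Fulfillment-only users are not pushed to PCA
    return PCA_ROLES.get((hierarchy, role_type), set())  # e.g. Site level: no mapping

def audit(voss_users, pca_accounts):
    """Compare observed PCA accounts with the mapping; return (username, finding) pairs."""
    allowed = {name: expected_pca_roles(u) for name, u in voss_users.items()}
    findings = []
    for name, role in sorted(pca_accounts.items()):
        roles = allowed.get(name, set())
        if not roles:
            findings.append((name, "unexpected PCA account"))
        elif role not in roles:
            findings.append((name, "PCA role outside mapping: " + role))
    for name, roles in sorted(allowed.items()):
        if roles and name not in pca_accounts:
            findings.append((name, "expected in PCA but missing"))
    return findings

# Constructed sample data: username -> (hierarchy, role type, HCS access, LDAP-synced)
VOSS_USERS = {
    "prov-admin": ("Provider", "Administrator", FULL, True),
    "res-oper": ("Reseller", "Operator", SA_ONLY, True),
    "cust-admin": ("Customer", "Administrator", F_ONLY, True),
    "cust-manual": ("Customer", "Operator", FULL, False),
    "cust-oper": ("Customer", "Operator", SA_ONLY, True),
}
PCA_ACCOUNTS = {"prov-admin": "Super Administrator", "res-oper": "Network Administrator",
                "cust-admin": "Network Administrator", "cust-manual": "Operator"}

if __name__ == "__main__":
    for finding in audit(VOSS_USERS, PCA_ACCOUNTS):
        print(*finding, sep=": ")
```

An account reported as unexpected or outside the mapping is a candidate for review as stale or over-privileged access; an account reported as missing points to a sync that did not complete.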