[Index]
Overview
This topic describes the system level settings configurable via the Settings page, where a sysadmin user with access to the data/Settings model can view and modify the following global system level settings for Automate:
Note
Provider admins and admins at hcsadmin have access to the System Settings page (view/DataSettings) for managing transaction log levels only - this page is available via the default menus, Administration Tools > System Settings, and is a limited version of data/Settings.
Configure Transaction Log Levels
System transaction log levels refer to the configured verbosity level of the transaction logs in Automate. Available transaction log levels for Automate are as follows:
Note
See Transaction Log Levels for details.
The following Automate admin users can view and modify transaction log levels in Automate:
Supported File Extensions
Users with system administrator privileges to the data/Settings model, typically, sysadmin, can manage valid file extensions in Automate.
By default, the following file extensions are specified as supported in the Global instance of data/Settings, which means that files with these extensions can be uploaded to Automate.
The sysadmin user can add or remove file extensions. Unsupported files can't be uploaded or imported, and will trigger a system error.
Disable Device Logging
Users with system administrator privileges to the data/Settings model, typically, sysadmin, can enable or disable device logging.
When setting Disable Device Logging to enabled (on the Settings page). then CUCM AXL (and other external calls) requests and responses aren't written to the transaction log, and neither are generic driver requests, responses, template evaluations, and macro evaluations. These details won't display for the relevant transactions under Administration Tools > Transaction Log.
Activate Phone Status Service
High level admins (sysadmin) with access to the data/Settings model (default menus, Administration Menu > Settings) can view and update the Activate Phone Status Service checkbox, which is enabled by default.
When enabled, this setting indicates that the real-time information (RIS) data collector service is enabled and is polling the CUCM to obtain the latest phone registration status information for phone instances stored in the Automate database. The polling default interval is 43200 seconds (12 hours).
For details, see the System Monitoring Configuration (Metrics Collection) topic in the Advanced Configuration Guide.
However, When viewing a list of phones, the status action can be carried out by an administrator who has been assigned a role that has an access profile to enable this action. By default, an administrator above provider level can carry out this task from the Role Management > Access Profiles menu - in this case, for relation/SubscriberPhone.
Carrying out this operation fetches the Unified CM phone IP address and status directly from the Unified CM and displays the data on the Phones list view Registration Status and IP Address columns, updating any existing data shown.
Important
Since the result of the status action is in real time, the current status of the list requires that the action carried out in order to see the latest values.
There is no caching of data resulting from this action. If any values show in the columns before carrying out this action, these would not be current, but are the cached values from the RIS data collector if it is enabled.
When carrying out the status action, the data in the Registration Status and IP Address columns can only be viewed.:
Note
When clearing or enabling the check box on data/Settings, log in on the platform command line interface (CLI) and restart the service:
$ cluster run application app start voss-risapi_collector
When clearing this setting and then restarting the (RIS) data collector service, an app.log entry will show: "message":"RIS API service disabled".
Refer to the Platform Guide for commands to inspect log files.
Example log entry below (line breaks added):
2020-03-26T20:06:00.346577+00:00 VOSS-UN-2 deviceapi.background.risapi INFO
{"process_id":24,
"hostname":"VOSS-UN-2-voss-risapi-collector",
"name":"deviceapi.background.risapi",
"level":"INFO",
"utc_iso_timestamp":"2020-03-26T22:06:00.346268",
"request_uuid":null,
"user_hierarchy":null,
"user":null,
"message":"RIS API service disabled",
"line":330,
"parent_process_id":1
}
Additional Role Access Profile Validation
High level admins (sysadmin) with access to the data/Settings model (default menus, Administration Menu > Settings) can view and update the Additional Role Access Profile Validation setting to manage the available roles when an administrator creates access profiles.
The table describes how the system works when the Additional Role Access Profile Validation setting is enabled or disabled:
| Enabled | An admin can only assign a role to a user if it is linked to an access profile with permissions that are in the subset of the admin's own access profile. Role drop-down lists will therefore be restricted. If the macro function fn.filter_roles_by_user_access_profile is used, the setting needs to be enabled for roles to be filtered. This validation check also applies when admins manage multi-role admin users - where the role is associated with an Authorized Admin Hierarchy. |
| Disabled | (Default) An admin can assign any role to a user, regardless of the admins own access profile. Role drop-down lists will therefore not be restricted. If the macro function fn.filter_roles_by_user_access_profile is used, the roles will not be filtered. This validation check also applies when administrators manage multi-role admin users - where the role is associated with an Authorized Admin Hierarchy. |
Note
See the macro topic Filter Role Functions for details on the use of the fn.filter_roles_by_user_access_profile function.
File Upload Limitations
High level admins (sysadmin) with access to the data/Settings model (default menus, Administration Menu > Settings) can view and update file upload size limitations and file time to live on the database.
By default, the following file limitations apply:
Note
Files are uploaded to the system database during activities such as:
The time-to-live value applies to uploaded files that have not been used, in other words, imported or processed. By default, a check is done every 24 hours for such files, after which time they are removed.
Time-To-Live for Uploaded Files
High level admins (sysadmin) with access to the data/Settings model (default menus, Administration Menu > Settings) can view and update the time-to-live for uploaded files.
Note
Files uploaded from file management menus on the Automate GUI and listed as instances of data/File are not affected.
Uploaded bulk load files and imported JSON files are affected; however:
Data Sync Workflow Execution Control
High level admins (sysadmin) with access to the data/Settings model (default menus, Administration Menu > Settings) can view and update lists of device attributes affected by data sync in the Data Sync Workflow Execution Control settings (allowlist and denylist attributes):
| List | Description |
|---|---|
| Allowlist Attributes | When this list contains a field, then only a change in that field and not any other field will trigger data sync workflows, regardless of the list of the Denylist Attributes. In other words, this list takes precedence over the existing list of Denylist Attributes. |
| Denylist Attributes | Items in this list will not trigger any update workflows that may have been defined to execute during the data sync. These attributes are therefore excluded from data sync considerations. The reason for this list of attributes is that while data sync operations can have a performance impact, some data sync attribute changes do not require data sync workflows to be carried out. Note however that the local device cache will still be updated with the updated attribute data. No update workflows will be run, though. The transaction logs will indicate the updated device cache, but the transactions for these attributes instances will show as: Device changes on denylisted attributes only. Updating cache, skipping workflows. |
Related Topics
Allowlists and Denylists in the Core Feature Guide.
Microsoft Sync Overview in the Best Practices Guide.
Device Overwrite Check Exemptions
High level admin users (sysadmin) with permissions to access the Global instance of the settings in the data/Settings model can create a list of fields to be excluded from device overwrite checking.
This means that if the field changes on the device, it will not be overwritten by data in VOSS Automate. The most common situation where this might be necessary is where a device field changes, but does not affect the data on VOSS Automate, because the data is treated as read only in VOSS Automate.
Enable Wingman Chat
High level admin users (sysadmin) with permissions to access the Global instance of the settings in the data/Settings model (default menus, Administration Menu > Settings) can enable or disable the VOSS Wingman AI assistant or copilot.
By default, Enable Wingman Chat is enabled, and the Wingman icon displays on the Admin Portal toolbar, if the user role is associated with an access profile that has Wingman Chat enabled under the Miscellaneous Permissions.
Refer to the VOSS Wingman topic in the Core Feature Guide.
Wingman Web Proxy
High level admin users (sysadmin) with permissions to access the Global instance of the settings in the data/Settings model (default menus, Administration Menu > Settings) can select a Web Proxy name that has been added as an instance on the Web Proxy menu and which will be used by VOSS Wingman on environments that require web proxy access to the internet.
Refer to:
"Set up a Web Proxy" in the Core Feature Guide.
VOSS Wingman in the Core Feature Guide.
For users with system administrator privileges to the data/Settings model, the valid file extensions can be managed.
By default, the following file extensions are in the Global instance of this model and are valid. This means that files with this extension can be uploaded to VOSS Automate:
File extensions can be added or removed by this administrator. Files that do not have an extension that corresponds with an instance in this model, cannot be loaded or imported. An error message will display on the user interface to indicate that the file does not have a valid file extension.
For users that have access to the data/Settings model, device logging can be managed.
If the Disable Device Logging check box is enabled, Unified CM AXL (and other external calls) requests and responses are not written to the transaction log. Generic driver requests, responses, template evaluations and macro evaluations are also not written to the transaction log.
These details will then not be shown for the relevant transactions under Administration Tools > Transaction Log.
System administrators with access to data/Settings can see the Activate Phone Status Service check box that is enabled by default. This indicates that the real-time information (RIS) data collector service is enabled and is polling the Unified CM to obtain the latest phone registration status information for phone instances stored in the VOSS Automate database. The polling default interval is: 43200 seconds (12 hours).
For details, refer to the Metrics Collection topic in the Advanced Configuration Guide.
However, When viewing a list of phones, the status action can be carried out by an administrator who has been assigned a role that has an access profile to enable this action. By default, an administrator above provider level can carry out this task from the Role Management > Access Profiles menu - in this case, for relation/SubscriberPhone.
Carrying out this operation fetches the Unified CM phone IP address and status directly from the Unified CM and displays the data on the Phones list view Registration Status and IP Address columns, updating any existing data shown.
Important
Since the result of the status action is in real time, the current status of the list requires that the action carried out in order to see the latest values.
There is no caching of data resulting from this action. If any values show in the columns before carrying out this action, these would not be current, but are the cached values from the RIS data collector if it is enabled.
When carrying out the status action, the data in the Registration Status and IP Address columns can only be viewed.:
Note
When clearing or enabling the check box on data/Settings, log in on the platform command line interface (CLI) and restart the service:
$ cluster run application app start voss-risapi_collector
Phone Status Service in the Logs
When clearing this setting and then restarting the (RIS) data collector service, an app.log entry will show: "message":"RIS API service disabled".
Refer to the Platform Guide for commands to inspect log files.
Example log entry below (line breaks added):
2020-03-26T20:06:00.346577+00:00 VOSS-UN-2 deviceapi.background.risapi INFO
{"process_id":24,
"hostname":"VOSS-UN-2-voss-risapi-collector",
"name":"deviceapi.background.risapi",
"level":"INFO",
"utc_iso_timestamp":"2020-03-26T22:06:00.346268",
"request_uuid":null,
"user_hierarchy":null,
"user":null,
"message":"RIS API service disabled",
"line":330,
"parent_process_id":1
}
For users with system administrator privileges to the data/Settings model, a setting called Additional Role Access Profile Validation is available as a check box to manage the available roles when an administrator creates Access Profiles.
When the Additional Role Access Profile Validation check box is enabled:
An administrator can only assign a role to a user if it is linked to an access profile with permissions that are in the subset of the administrator's own access profile. Role drop-down lists will therefore be restricted.
If the macro function fn.filter_roles_by_user_access_profile is used, the setting needs to be enabled for roles to be filtered.
This validation check also applies when administrators manage multi-role admin users - where the role is associated with an Authorized Admin Hierarchy.
When the Additional Role Access Profile Validation check box is disabled:
An administrator can assign any role to a user, regardless of the administrator's own access profile. Role drop-down lists will therefore not be restricted.
If the macro function fn.filter_roles_by_user_access_profile is used, the roles will not be filtered.
This validation check also applies when administrators manage multi-role admin users - where the role is associated with an Authorized Admin Hierarchy.
By default, the Additional Role Access Profile Validation is disabled.
Refer to the macro topic Filter Role Functions for details on the use of the fn.filter_roles_by_user_access_profile function.
By default, the following file limitations apply:
Note
For users with permissions to the Global instance of the data/Settings datamodel, the upload file size and its time-to-live on the database can be configured.
Files are uploaded to the system database during such activities as:
The time-to-live value applies to uploaded files that have not been used, in other words, imported or processed. By default, a check is done every 24 hours for such files, after which time they are removed.
For users with system administrator privileges to the data/Settings model, the time-to-live for uploaded files can be managed.
Note
Files that are uploaded from file management menus on the user interface and listed as instances of data/File are not affected.
Uploaded Bulk Load files and imported JSON files are affected, however:
Administrators with permissions to access the Global instance of the settings in the data/Settings model (sysadmin), can create lists of device attributes affected by data sync under the Data Sync Workflow Execution Control section:
Allowlist Attributes
When this list contains a field, then only a change in that field and not any other field will trigger data sync workflows, regardless of the list of the Denylist Attributes. In other words, this list takes precedence over the existing list of Denylist Attributes.
Refer to the allow lists below.
Denylist Attributes
Items in this list will not trigger any update workflows that may have been defined to execute during the data sync. These attributes are therefore excluded from data sync considerations.
The reason for this list of attributes is that while data sync operations can have a performance impact, some data sync attribute changes do not require data sync workflows to be carried out.
Note however that the local device cache will still be updated with the updated attribute data. No update workflows will be run, though. The transaction logs will indicate the updated device cache, but the transactions for these attributes instances will show as:
"Device changes on denylisted attributes only. Updating cache, skipping workflows."
Note
After release 20.1.1 or applying patch EKB-4362-19.2.1_patch, the previously denylisted LDAP attributes are no longer imported during LDAP synchronization:
For device/ldap/user:
Refer to the deny lists below.
From release 24.1, the following allowlist model attributes have been added and the previous denylist has been removed:
Allowlist ``device/cucm/Phone``
From release 21.4-PB2, the following allowlist model attributes have been added:
Allowlist ``device/msteamsonline/CsOnlineUser``
Allowlist ``device/msgraph/MsolUser``
A number of denylist attributes have been added by default:
Denylist ``device/ldap/user``
Denylist ``device/cucm/User``
Denylist ``device/ldap/userProxy``
Related Topics
Allowlists and Denylists in the Core Feature Guide.
Microsoft Sync Overview in the Best Practices Guide.
| Title | Description | Details | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Name |
|
||||||||||||||||||||||||||||||||||||||||||||||||
| Transaction Log Level |
|
||||||||||||||||||||||||||||||||||||||||||||||||
| Supported File Extensions | List of supported file extensions for upload |
|
|||||||||||||||||||||||||||||||||||||||||||||||
| Disable Device Logging | Turn off detailed logging of device APIs |
|
|||||||||||||||||||||||||||||||||||||||||||||||
| Activate Phone Status Service | Activate service to periodically fetch Call Manager phone status |
|
|||||||||||||||||||||||||||||||||||||||||||||||
| Additional Role Access Profile Validation | Enable additional role access profile validation |
|
|||||||||||||||||||||||||||||||||||||||||||||||
| Maximum Upload File Size | Maximum file size (in bytes) of an upload file. Default size is 209715200 bytes (200 megabytes). Default: 209715200 |
|
|||||||||||||||||||||||||||||||||||||||||||||||
| Time-To-Live for Uploaded Files | Limits the lifespan (in hours) of an uploaded file in the database. Default value is 24 hours. Default: 24 |
|
|||||||||||||||||||||||||||||||||||||||||||||||
| Data Sync Workflow Execution Control | Controls the execution of data sync workflows with allow and deny lists. |
|
|||||||||||||||||||||||||||||||||||||||||||||||
| Model Type | Model type to control data sync workflow execution for. |
|
|||||||||||||||||||||||||||||||||||||||||||||||
| Denylist Attributes | These are attributes that will not trigger workflow execution if their values change. This list will be ignored if allowlist attributes are set. |
|
|||||||||||||||||||||||||||||||||||||||||||||||
| Allowlist Attributes | These attributes will trigger workflow execution if their values change. Attributes not in this list will not trigger workflow execution even if their values change. Takes precedence over denylist attributes. |
|
|||||||||||||||||||||||||||||||||||||||||||||||
| Device Overwrite Check Exemptions | These attributes will never be checked by the device overwrite feature. |
|
|||||||||||||||||||||||||||||||||||||||||||||||
| Model Type | Exempt certain attributes of this model type from device overwrite checking. |
|
|||||||||||||||||||||||||||||||||||||||||||||||
| Attributes | Exempt these attributes from device overwrite checking. |
|
|||||||||||||||||||||||||||||||||||||||||||||||
| Enable Wingman Chat | Enable the Wingman Chat Feature Default: True |
|
|||||||||||||||||||||||||||||||||||||||||||||||
| Wingman Web Proxy | Name of the Web Proxy to be used for Wingman requests. |
|
|||||||||||||||||||||||||||||||||||||||||||||||