Role Based Access Control in Avaya Aura System Manager 6.2 – Part 1

laptopHOMEguy323115Avaya Aura System Manager provides centralized administration for multiple instances of Avaya Aura Session Manager and Avaya Aura Communication Manager. It’s also designed to manage all Avaya Aura components – present, future, and all third-party supported applications and services.

Avaya Aura System Manager centralizes provisioning, maintenance, and troubleshooting to simplify and reduce management complexity and solution servicing. It delivers a set of management services that you can access using the System Manager common console.

Upon Initial Installation, Avaya Aura System Manager requires a first-time login using the admin account. The default password for accessing the System Manager common console is admin123. The account name remains the same, but the password must be changed on the initial login. The admin account is already created within System Manager and is associated by default with the system administrator role, which is one of the “out-of-the box” default role and gives the admin total access to any user, application/element, or network service available via the System Manager main screen (aka the Dash Board).

A customer may choose to continue to use this account and password to subsequently administer any and all elements and network services available via the System Manager Dash Board. However, this may not necessarily be the best practice due to the level of access given to this account. 

It may be necessary to create additional users with different levels of access and permissions. To accomplish this, we assign the user to one of the existing default roles that provides the level of access and permissions needed, or we can create a new custom role with the specific settings for the user.
When you login using the admin account you already have, among other privileges, the ability to create roles. You do not have to create a custom role for every new administrator; it’s possible to assign the same role to multiple users.  

Creating a New Role

Creating a new role can be summarized in five steps.

  1. Give the new role a name and a description. The name should be in accordance with the resources and/or network services accessible via its permissions (e.g., CM administrator, User Administration etc.).
  2. Add mapping. Mapping relates to the inclusion of elements and network services accessible via the role. There is no limit on what elements and network services can be mapped to a role. However, you can’t access an element if the element is not being managed by System Manager.
  3. Assign actions. Actions (i.e. view, edit, delete, etc.) define what a role can perform to an attributes.
  4. Define attributes. Attributes are fields of data associated with an element or network service. For example, a role is mapped to users as a resource; the action is only to edit and the attribute is first name. As a result, an administrator assigned to this role would be able to access all users, but only be able to edit the user’s first name and nothing else.
  5. Commit the new role. Once committed, the new role will appear on the list of roles, but it has not yet been assigned to a user.

The degree of detail assigned to a role depends on the customer’s criteria regarding the level of access and permissions. It’s also possible to copy an existing role and then modify the copy. This will simplify the creation of new roles if the required criteria of a new role is similar to an existing role.

Related Courses

In this article

Join the Conversation