This will explain the web browser version of login administration for cm4 and higher. It was moved from CM to linux.
logins, user-profiles, and webProfiles in cm loads higher than cm3:
list user-profile
add user-profile
change user-profile
duplicate user-profile
display user-profile
export user-profile
remove user-profile
from linux CLI, cmuseradd, cmusermod, cmuserdel, cmpasswd can be used instead
of the Web Browser
from Web Browser, Security, Administrator Accounts
bullet in Add Login Group - Enter Login ID or Group Name "prof28" submit
associate "prof28" with group number "10028" Add
from Web Browser, Security, Web Access Mask
Add, 28 in Box for Enter new Access Mask Number:
Create has 3 choices, one is to copy a new webProfile from an existing
webProfile:
Create by copying values from Access Mask number: 18
Change, put check in box of webProfile you want display, change
Here you can administer a name for the webProfile and turn on / off the access
to links for the user that logs into the Web Browser with this webProfile
NOTES:
linux CLI "cmuseradd super-user -C 28 logname" or "cmusermod -C 28 logname"
will add entry for prof28:x:10028 to the /etc/group file
user-profile group must exist in linux before you can associate a login to
a user-profile Group Name using the Web Browser
customized groups can be prof20 to prof69
A login is associated with prof28 it is also associated with webProfile 28
Once you associate a login to a Group Name "prof28" the login will not
be able access CM until the user-profile group exists in CM.
Trying to login to CM before the users CM user-profile exists will return
"Access Denied: User ID/Profile unknown to Communication Manager"
Once you associate a login to a Group Name "prof28" the login will not
be able access the Web Browser until a webProfile group exists in linux.
Don't forget to sync the webProfiles to standby, ESS / LSP servers
Web Browser does not authenticate with some logins on a Main "active" or
"standby" server, or a connected "LSP" or "ESS" server. CM4 only
Web Browser access is controlled by the webProfiles in each server
These profiles can be located in:
/etc/opt/ecs/webProfiles or /diskroot/etc/opt/ecs/webProfiles
Files use the naming convention of webProfile_XX.conf where XX is the
login_name defined profile. These profiles are always added with the
Web Browser under the Security, Web Access Mask page with the ADD button.
This must be done from the active server Web Browser in order to do the
sync steps below. You cannot sync from an ESS / LSP or standby server.
Default profiles range from 0 to 19. Customizable profiles 20 - 69
Then, for other connected servers, must be file sync from this page to the
connected standby, ESS, LSP servers. This must be done manually from this
page after any addition, deletion, modification of webProfiles in order to
maintain the same webProfile properties in all servers.
KB01028820 - sync webProfiles to all servers
A missing profile in any of the servers would block access to the server via
the Web Browser
NOTE: In future releases, the webProfiles will be changed to sync with
normal routine file sync (i.e. save translation all from Main "active"
server. Reference defsw073716 fix on cm4-736.0, cm5-825.0 and with
cm4.0.1sp03.00
CAUTION: Do Not blindly execute a file sync of webProfiles. Always compare
the "active" and "standby" server's webProfiles to see which has
the most profiles first. You can only execute file sync from the
"active" server's Web Browser. Many customers have built all of
the webProfiles and may have not known to do the file sync. If this
was the case, and an interchange to the other server has occurred,
the new "active" server may have just the default webProfiles
0 - 19. A file sync from this server will make the "standby" and
ESS and LSP servers match the current "active" server, which would
possibly blow away all of the webProfiles that reside in the other
servers.
A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"
bsh
36 years Bell, AT&T, Lucent, Avaya
Tier 3 for 26 years and counting