Remove right to access Backup/Restore module from 'General System Admin'

Discussion in 'Ideas' started by brendan.helsham, Sep 21, 2017.

5/5, 6 votes

  1. brendan.helsham

    Joined: Jan 23, 2008 | Messages: 35 | Likes Received: 5
    I've just realised that if you assign an extension management console access and enable 'General System Administration', but don't want the user to have access to Administer SIP Trunks, all they need to do is download a backup file and read the XML to get the master admin account and password.

    This is a pretty big hole that needs to be plugged ASAP. We would like to be able to give some power users access to manage settings in Ring Groups and Queues etc., but not allow them access to the trunks.

    We can't do this now. I think access to the backup/restore needs to be a separate permission like SIP Trunks, Reporting, Download Recordings etc.
     
  2. Silly English Kniggit

    Joined: Sep 13, 2017 | Messages: 215 | Likes Received: 76
    I would expect that "general system admin" would include basically everything. However, I agree that backup and restore does pose a security risk and should probably be separated out. The other thing that would work is if control of queues / ring groups could be delegated directly - we also have an issue with this for some customers.
     
  3. brendan.helsham

    Joined: Jan 23, 2008 | Messages: 35 | Likes Received: 5
    In a perfect world, each management container on the left pane could be toggled on or off for various role-based administration tasks. But the general system admin doesn't include the SIP trunks (& inbound/outbound rules) for example. So, if this is excluded, there should not be a wide open back door to circumvent this.
    Cheers