Community Member
Community Member
kudos icon +

Lync Server

Sort out the remainig RBAC limitations

Lync RBAC architecture supposed to solve all the flaws, that OCS had regarding the inability to share administration taks among multiple business/organizational entities, like delegation of some well strictly scoped tasks to lower-privileged administrators. With Lync most of these issues are perfectly resolved. However, some of the RBAC limitations are still painful, if Lync is deployed in a multi-country huge international organization, where administrative access of Lync has to be controlled according to security procedures of the company.


Even if site-specific delegated are done to separate admin groups, a couple of configuration steps still can only be run by the allmighty Lync administrator:


- simple things like device updates (which really affect only a particular FE/pool, not the whole organizon) should be allowed via the delegation, and not require the allmighty Lync administrator to upload/approve such updates


- voice features \call park (because of the uniqueness of call park orbit range this MAY be understandable, but the site-scoped CPSconfiguration should be allowed), unassigned numbers (because the uniqueness of number range, this is acceptable, but the site-scoped configuration not)


- csmediaconfiguration site-scoped


- LIS config


- site-scoped client policy (I dont understand why this cannot be properly handled with delegation)


- dialinconferencingconfiguration (the same, even if it is scoped for site, a delegated site-admin does not have the privileges to create/modify it)




Idea No. 31