Community Member

Lync Server

Sort out the remaining RBAC limitations

The Lync RBAC architecture was supposed to solve all the flaws that OCS had regarding the inability to share administration tasks among multiple business/organizational entities, like delegation of some strictly scoped tasks to lower-privileged administrators. With Lync, most of these issues are perfectly resolved. However, some of the RBAC limitations are still painful if Lync is deployed in a huge multi-country international organization, where administrative access to Lync has to be controlled according to the security procedures of the company.

Even if site-specific delegations are made to separate admin groups, a couple of configuration steps can still only be run by the almighty Lync administrator:

- simple things like device updates (which really affect only a particular FE/pool, not the whole organization) should be allowed via the delegation, and not require the almighty Lync administrator to upload/approve such updates

- voice features: call park (because of the uniqueness of the call park orbit range this MAY be understandable, but the site-scoped CPS configuration should be allowed), unassigned numbers (because of the uniqueness of the number range, this is acceptable, but the site-scoped configuration is not)

- csmediaconfiguration site-scoped

- LIS config

- site-scoped client policy (I don't understand why this cannot be properly handled with delegation)

- dialinconferencingconfiguration (the same, even if it is scoped for site, a delegated site-admin does not have the privileges to create/modify it)

etc.

Idea No. 31