Cisco Cisco TelePresence Management Suite (TMS) Version 15 Installation Guide
Configuration topics
Cisco TelePresence Management Suite Installation and Getting Started Guide
Page 41 of 69
Anyone who is a member of the Site Administrator group has full access to all features and
systems in Cisco TMS. You can edit who is a member of the Site Administrator group, but you
cannot edit its permissions because it always has full permissions.
systems in Cisco TMS. You can edit who is a member of the Site Administrator group, but you
cannot edit its permissions because it always has full permissions.
It is recommended administrators define more groups to allow greater control of permissions in Cisco
TMS. Which groups users are a member of can be set one of three ways:
TMS. Which groups users are a member of can be set one of three ways:
By editing the group itself. The Edit Group page displays all current members: click Add
Members, to specify which users to add to the group. A user can be a member of more than one
group. User groups can also be edited by editing the User, go to Administrative Tools > User
Administration > Users
Members, to specify which users to add to the group. A user can be a member of more than one
group. User groups can also be edited by editing the User, go to Administrative Tools > User
Administration > Users
By assigning the user to a group automatically when the user profile is created. Cisco TMS does
this through „Default groups‟. Groups set as a „Default group‟ are automatically added to any new
user. At first installation, the Site Administrator group is marked as a Default group. This means
any person who logs into Cisco TMS, has a user profile created, and is automatically be added
the Site Administrator group giving them full rights to Cisco TMS. This is how you became an
administrator automatically when you first log into Cisco TMS. After you have logged in as the
administrator, it is recommended you stop the Site Administrator group from being a Default
group; otherwise every user will have full access permissions.
this through „Default groups‟. Groups set as a „Default group‟ are automatically added to any new
user. At first installation, the Site Administrator group is marked as a Default group. This means
any person who logs into Cisco TMS, has a user profile created, and is automatically be added
the Site Administrator group giving them full rights to Cisco TMS. This is how you became an
administrator automatically when you first log into Cisco TMS. After you have logged in as the
administrator, it is recommended you stop the Site Administrator group from being a Default
group; otherwise every user will have full access permissions.
By using Active Directory Groups. Cisco TMS has the option after configuration to allow Cisco
TMS to import existing groups from Active Directory. The Active Directory groups that a user
belongs to is automatically updated in Cisco TMS Groups when the user logs in. This simplifies
group administration because it reuses the existing Enterprise Directory for groups within Cisco
TMS l.
TMS to import existing groups from Active Directory. The Active Directory groups that a user
belongs to is automatically updated in Cisco TMS Groups when the user logs in. This simplifies
group administration because it reuses the existing Enterprise Directory for groups within Cisco
TMS l.
Permissions in Cisco TMS are a combination of feature permissions and system permissions. While
User Groups have permissions to control which portions of Cisco TMS a user has access to, System
Permissions are used to control what a user can do with a particular system. Later, when you are
adding/editing systems, you can alter the permissions for individual systems.
User Groups have permissions to control which portions of Cisco TMS a user has access to, System
Permissions are used to control what a user can do with a particular system. Later, when you are
adding/editing systems, you can alter the permissions for individual systems.
At this point, it is important to understand that there are default permissions given to a system when it
is first added to Cisco TMS
is first added to Cisco TMS
. This is controlled by „Default System Permissions‟ under
Administrative Tools > User Administration > Default System Permissions which allows you to
set the permissions that each group gets by default on newly added systems.
set the permissions that each group gets by default on newly added systems.
Configure a baseline permissions setup
For initial setup, it is not important to define all your eventual groups, but it is important understand
how permissions are set and to establish a baseline of what permissions you want until you settle on a
more complete and formal configuration.
how permissions are set and to establish a baseline of what permissions you want until you settle on a
more complete and formal configuration.
As a best practice, the following initial configuration steps must be done so that new users will not
have Cisco TMS Administration rights, and you have a default group for new users with a baseline
permission set. The permissions can be changed at any time, but it is recommended administrators
start planning from the beginning on how access will be controlled and what features users will have
access to by default.
have Cisco TMS Administration rights, and you have a default group for new users with a baseline
permission set. The permissions can be changed at any time, but it is recommended administrators
start planning from the beginning on how access will be controlled and what features users will have
access to by default.
1. Create a new group to use for all your trusted users. Go to Administrative Tools > User
Administration > Groups and click New
. Enter a name, such as „All company users‟ and click
Save
2. Assign the default permissions that you want all Cisco TMS users to have to the new group. Click
on the Group Name in the Edit Group listing, and click Set Permissions. Select the check box for
each permission that you want group members to have. For a starting point that gives users full
access except to Cisco TMS configuration, select all the check boxes except those under
Administrative Tools. Use the check boxes in the blue title bars to select or clear all check boxes
in that section. Click Save
each permission that you want group members to have. For a starting point that gives users full
access except to Cisco TMS configuration, select all the check boxes except those under
Administrative Tools. Use the check boxes in the blue title bars to select or clear all check boxes
in that section. Click Save
3. Change the Default Groups. Go to Administrative Tools > User Administration > Default
Groups. Clear all the check boxes except for the Users Group and your new Group. This means
any person who logs into Cisco TMS will automatically be added to your new group, and be given
the permissions that group has. Click Save
any person who logs into Cisco TMS will automatically be added to your new group, and be given
the permissions that group has. Click Save
4. Change the Default System Permissions. Go to Administrative Tools > User Administration >
Default System Permissions. You will see that the new group has no permissions, and the User