The User Authorization Profile form along with the Login Banner Assignment and Security Options Assignment forms are required to meet MLPP security requirements.
This form lists all administrative users who are allowed to log on to a CDE/Maintenance session through the RS-232 port on the controller. The entries in the form consist of a set of names to which one of five possible authorization levels is assigned. Only the upper two levels (System and Installer) are required for MLPP operation.
IMPORTANT: When a new user is added, the system generates a random default password. The password displays on screen for approximately 15 seconds. You must record (or memorize) the password during this time because it cannot be recalled. For this reason, users should only be added (or renamed) one at a time. When adding or renaming multiple users, you also have 15 seconds between each to record the password. However, the chances for error are less if only a single user and password combination has to be recorded or memorized. If you fail to record a password in time, use the Reset Password command to set the user's password to a known password.
WARNING: MITEL recommends that system-level users keep a written copy of their system-level username and password in a secure place. If a system-level username or password is forgotten, system-level access to the system will be denied. Neither the system-level username nor password is recoverable. Therefore, it is vital that both be known before logging out after making changes to either the system-level user name or password.
This form can contain up to 64 accounts, including the four default user accounts: System, Installer, Maintenance2, and Maintenance1.
If the Administrator Name of an existing entry is changed, the password is still retained. Thus, the only way to change a user's password is to use the 'change password 'or 'reset password' commands or delete and recreate the user. The exception is if the username is changed before the user has logged in for the first time. In such cases, a new default password is created. Once the user has logged in and been forced to create a password, then further changes of the Administrator name will not create a new default password.
Default usernames and passwords, including those assigned to the four default user accounts (System, Installer, Maintenance2, and Maintenance1), must be changed to unique, secure values. If a user attempts to log in with a default username or password, the system will issue a warning message and generate an alarm (based on alarm threshold programming), plus prevent login when Enhanced Login Security is enabled on the Security Options Assignment form (a mandatory requirement for MLPP installations) . Passwords are programmable with the Change Password and Reset Password maintenance commands. Usernames are programmable with the Reset Username maintenance command, or by editing the Administrator Name on the User Authorization Profile form.
There is only one system-level user. The system-level user can create, delete, view, and update accounts for all other users, plus change his or her own Administrator Name and Password Expiry Interval. The system-level account cannot be deleted or disabled.
Users can view their accounts. They can also create, update, and view accounts with lower authorization levels, and view accounts with the same authorization level. Users cannot view accounts with higher authorization levels.
When a new Installer, Maintenance1, and Maintenance2 account is added, it will replace the corresponding default user account if the default user account has not yet been updated with a new username and password.
All usernames and passwords in the User Authorization Profile form can be DATA SAVED and DATA RESTORED. When Enhanced Login Security is enabled, users will be prompted to change their password the first time they log in. Exception: The system-level administrator reverts to 'sx2000' on a Data Restore.
|
Parameter |
Description |
Default Value |
|
Administrator Name |
Enter a name up to 20 characters long. Alphabetic and numeric characters are permitted, but not special characters or spaces. Although alphabetic characters may be entered in upper case, they are always stored in lower case. |
Blank |
|
Authorization Level |
Enter one of five possible authorization levels: Installer, Maintenance2, Maintenance1, Supervisor or Attendant. |
Installer |
|
Password Expiry (Days) |
Enter the number of days (1 to 365 days) that will elapse between the creation of a password and its expiry. If this field is left blank, the Default Password Expiry Interval (programmed on the Security Options Assignment form) is applied. Note that the timer is reset whenever a new password is created for the administrator account. |
Blank |
|
Admin Enabled |
When a new administrator account is created, this field is set to Y (Yes). It can be changed to N (No) by an administrator with a higher authorization level, or by the system when the Account Inactivity Timer expires. |
No |
|
Access Level |
Username |
Password |
Authorized Commands |
|
System |
system |
sx2000 |
all |
|
Installer |
installer |
sx2000 |
all |
|
Maintenance2 |
maint2 |
sx2000 |
none |
|
Maintenance1 |
maint1 |
sx2000 |
none |
|
Supervisor |
See Note below |
|
|
|
Attendant |
See Note below |
|
|
Note: New systems do not provide default usernames for Supervisor and Attendant levels; they must be specified in the User Authorization Profile Assignment form. Default passwords for these levels are briefly displayed when the usernames are created as described above.