We ended up with a scenario where we had to restrict the MiVB access for the customer's in house telephony engineers. This is fine, setup the security profile in MiVB and restrict the forms they have read/write access to.

However. These same engineers have admin access to the MiCollab's, which are connected to the MiVB's in order to be able to provision users, setup voicemails etc...

The problem lies in the ability for them to log into MiCollab and then go to Network Elements and click on 'Connect to MiVB System' - which then uses the un/pw which is stored in MiCollab for Flow Through Provisioning, which of course has full root access!

This causes an issue not only for locking down systems internally - but, and I've not investigated this, some of these MiCollabs sit network edge... could there be potential for accessing a MiCollab that is public facing and then being able to jump to the MiVoice Business via this 'feature'?

We need the ability for true 'Admin' login users to be able to disable this feature for users which we setup with Admin access to MiCollab. (i.e. installers can still use the option - but logins setup for customers to carry out admin, can't)