Configuration Guide for User Access Level

Overview

User Access Level feature is used to achieve different access levels for different authorized users. It is useful for protecting the IP phone from unauthorized configuration, and popularly used for the Hosted PBX solution. The following describes how to customize the access permission for configurations on the web interface and LCD interface.

Scenario

For a Hosted PBX solution, IP phones are provided to customers for free but required a minimum consumption monthly. All PBX services associated features on the deployed IP phones are preconfigured to avoid customers from using other Hosted PBX’s service, and the Hosted PBX system administrator can restrict the user access permission using User Access Level feature.

For example, the Hosted PBX system administrator restricts the write permission of the account associated configurations. This means customers can only read these configurations on both web interface and LCD interface. 

Introduction

Htek IP phones support access levels of admin, var and user. The following describes the detailed information of each access level:

l Admin: The administrator access level. With this access level, all configurations on both web interface and LCD interface can be read and written. The authentication identity for this access level is admin. And the default password is admin.

l Var: The value-added reseller access level. Generally, with this access level, most configurations on the web user interface and phone user interface can be read and written. The authentication identity for this access level is var. And the default password is 1234.

l User: The end user access level. Generally, only a few configurations can be written and read for access user. The authentication identity for this access level is user. And the default password is 1234.

 

Application

This section will introduce procedures to configure access permission of the web interface in detail. The flow chart of configuring user access level is shown as below:

image-20240228-082040.png

 

Customizing UserAccessLevel.cfg of web interface

Access permissions of all configuration items available on Htek IP phones’ web interface can be defined in a fixed UserAccessLevel.cfg file. Each configuration item in the file is formatted as:

For configuring LCD user interface please refer to the section below: Customizing-UserAccessLevel.cfg-of-LCD-interface.

 

Item Name = XY

The valid values of X, Y include 0, 1, 2 and 3.

X is used for specifying the access level. The access levels:

  • 0 = user

  • 1 = var

  • 2 = admin

  • 3 = none

 

Y is used to define the access rights.

  • 0 means the configuration item is writable for X and higher access levels.

  • 1 means the configuration item is read-only for X access level, and writable for higher access levels.

  • 2 means the configuration item is read-only for X and higher access levels but always writable for highest access level (Generally it is admin level).

  • 3 means the configuration item is read-only for X and higher access levels.

  • If Y does not exist, the configuration item is visible for X and higher access levels.

The following table lists the possible values of XY:

W – writable; R – read only; H – hidden.

Value of XY

admin

var

user

0

WR

WR

WR

1

WR

WR

H

2

WR

H

H

3

H

H

H

00

WR

WR

WR

01

WR

WR

R

02

WR

R

R

03

R

R

R

10

WR

WR

H

11/12

WR

R

H

13

R

R

H

20/21/22

WR

H

H

23

R

H

H

30/31/32/33

H

H

H

 

You can ask for the template file from your device provider.

image-20240228-082529.png

The following shows configuration segments for the web interface in the UserAccessLevel.cfg file for reference:

Sample 1: Configuration items in the UserAccessLevel.cfg for the webpage of Setting-> Features:

###########Web-Setting-Features########### Features(P21025) = 0 Features-Forward(P21026) = 1 Features-Forward-Always(P53100) = 0 Features-Forward-Busy(P53110) = 0 Features-Forward-NoAnswer(P53120) = 0 Features-DoNotDisturb(P21027) = 0 Features-HotLine(P21028) = 1 Features-TransferSettings(P21029) = 0 Features-CallPickup(P21030) = 0 Features-PhoneLock(P21031) = 2 Features-CallWaiting(P21032) = 0 Features-AlertRing(P21033) = 2 Features-AutoRedial(P21034) = 0

According to the above configuration of access level, when logging in the web interface with user, the web interface displays as below:

According to the above configuration of access level, when logging in the web interface with var, the web interface displays as below:

According to the above configuration of access level, when logging in the web interface with admin, the web interface displays as below:

Sample2: Configuration items in the UserAccessLevel.cfg for the webpage of Account:

###########Web-Account-Basic########### Basic(P21007) = 0 Basic-Account(P21008) = 0 Basic-Account1-Status(P2801) = 02 Basic-Account1-AccountActive(P271) = 12 Basic-Account1-PriSipServer(P47) = 02 Basic-Account1-FailSipServer(P967) = 02 Basic-Account1-SecFailSipServer(P8851) = 02 Basic-Account1-PreferPriSipServer(P4567) = 02 Basic-Account1-OutboundProxy(P48) = 02   Basic-Account1-BackupOutboundProxy(P20047) = 02 Basic-Account1-SipTransport(P130) = 02 Basic-Account1-NATTraversal(P52) = 02 Basic-Account1-Label(P20000) = 00 Basic-Account1-SipUserID(P35) = 01 Basic-Account1-AuthenticateID(P36) = 01 Basic-Account1-AuthenticatePassword(P34) = 01 Basic-Account1-Name(P3) = 01 Basic-Account1-DNSMode(P103) = 0 Basic-Account1-UserIDIsPhoneNumber(P63) = 0 Basic-Account1-SipRegistration(P31) = 0 Basic-Account1-UnregisterOnReboot(P81) = 0 Basic-Account1-RegisterExpiration(P32) = 0 Basic-Account1-OutgoingCallWithoutReg(P109) = 0 Basic-Account1-LocalSipPort(P40) = 0 Basic-Account1-UseRandomPort(P78) = 0 Basic-Account1-VoiceMailUserID(P33) = 02 Basic-Account1-RPort(P136) = 11 Basic-Account1-RFC2543Hold(P1100) = 11 Basic-Account1-ConnectMode(P8775) = 11

According to the above configuration of access level, when logging in the web interface with user, the web interface displays as below:

According to the above configuration of access level, when logging in the web interface with var, the web interface displays as below:

According to the above configuration of access level, when logging in the web interface with admin, the web interface displays as below:

For more information on parameters of the UserAccessLevel.cfg file, refer to:Configuration-parameters-of-web-interface.

 

Customizing UserAccessLevel.cfg of LCD interface

The following shows configuration segments for the LCD interface in the UserAccessLevel.cfg file for reference:

Access permissions of all configuration items available on Htek IP phones’ LCD interface can be defined in a fixed UserAccessLevel.cfg file. Each configuration item in the file is formatted as:

Item Name = X

The valid values of X include 0, 1, 2 and 3.

X is used for specifying the access level. The access levels:

  • 0 = user

  • 1 = var

  • 2 = admin

  • 3 = none

The following table lists the possible values of X:

WR – writable and visible; H – hidden.

Value of X

admin

var

user

0

WR

WR

WR

1

WR

WR

H

2

WR

H

H

3

H

H

H

Example1: Configuration items in the UserAccessLevel.cfg for call forward menu and its submenu settings:

[Lcd-Menu-Features] Features-CallForward(P21124) = 0 ###########Menu-Features-CallForward########### Features-CallForward-AlwaysForward(P21131) = 1 Features-CallForward-BusyForward(P21132) = 1 Features-CallForward-NoAnswerForward(P21133) = 2

According to the above configuration of access level, when logging in to the LCD interface with user, the access permission is displayed as below:

Always forward/Busy forward/No answer forward is hidden for user:

When logging in to the LCD interface with var, the access permission is displayed as below:

Always forward/Busy forward submenu is writable for var:

When logging in to the LCD interface with admin, the access permission is displayed as below:

Always forward/Busy forward/No answer forward submenu is writable for admin:

For more information on parameters of the UserAccessLevel.cfg file, refer to Configuration-Parameters-of-LCD-interface

Configuration Htek IP Phone

User access level feature is disabled for Htek IP phone in standard firmware version by default. Before using this feature, you need to enable it through auto provisioning introduced as following. User Access Level feature is configurable only via configuration files.

To configure User Access Level feature for Htek IP phone:

1.Edit the following parameters in the configuration file (e.g., factory0000.bin).

Parameters

Permitted Values

Default

Description

P20644

0 or 1

0

This parameter is used to enable or disable the login of the web interface with different access levels.

0 - Disabled

1 - Enabled

It takes effect after reboot.

P20952

0 or 1

0

This parameter is used to enable or disable the login of the LCD interface with different access levels.

0 - Disabled

1 - Enabled

It takes effect after reboot.

P20645

URL of FTP, TFTP, HTTP or HTTPS

Blank

This parameter is used to configure the access URL of the UserAccessLevel.cfg file.

(e.g.http://192.168.0.24/autoprovision/UserAccessLevel.cfg)

It takes effect after reboot.

2.Upload the configuration file to the directory of the provisioning server.

3.Configure the access URL of the provisioning server for the IP phone.

4.Restart IP phone to perform auto provisioning.

For more information for auto provisioning Htek IP phones, refer to HTEK SIP Phone Auto Provision User Guide.

When the user access level is enabled, you can login the web/LCD interface with different access levels.

To login the web interface with different access levels:

  1. Press the OK key when the phone is idle to obtain the IP address.

  2. Enter the IP address (e.g. http://192.168.0.10 or 192.168.0.10) in the address bar of web browser on your PC and then press the Enter key.

  3. Enter the username (admin/var/user) and password (admin/1234/1234) in the login page.

  4. Click Confirm to login.

 

To login the LCD interface with different access levels:

  1. Press Menu->User Mode.

  2. Press > or <, or the Switch softkey to select the desired access level in the User Type field.

  3. Enter the password in the Password field.

  1. Press the Enter softkey to accept the change. 

Configuration parameters

Configuration parameters of web interface:

 

 

 

 

 

Configuration parameters of LCD interface: