I currently have a FreePBX system in pilot, and I am composing documentation to provide to people as we put phones on desks. One thing that I’ve not been able to overcome or find a solution for, is controlling what the normal user will see from the User Control Panel.
For example, I’d like to remove the ability for users to see the Contact Directory and Fax links. I’d also like to be able to control or hide what the user could configure for, follow me, call forwarding or the VmX Locator.
Is this something that is possible through an add-on module?
When that is released will there be a migration path from FreePBX 11? I understand that it will require a complete reinstall of the system, but are you building functionality to allow a backup of 11, an install of 12, and then a restore of our configs? When this project is complete I’ll have 5 FreePBX servers across all of my sites managing over 500 phones.
James - I should have clarified that I wasn’t looking to move until 12 was in a stable release. We’ve currently deployed 1 pilot system with the plans of deploying systems at all of our plants over the coming months.
Unfortunately we’re losing some functionality we have in our mid 80s ROLM system, but it looks like some of that may be coming back in FreePBX 12.
The ARI is modular. While James would say it is “hacky”, you could navigate to:
/var/www/html/recordings/modules
and remove modules that you want to disable access to all users. Of course they could reappear at any future time after an update, so you will want to watch for that.
“Hacky” was in reference to tearing a gaping hole in to the security of FreePBX to provide a solution that is a built in functionality.
If I provide you a set of doors and a key card that allows you to go through certain doors the appropriate way to provide access is to provide a key card to a person locked to their allowed doors.
If a contractor without a clear understanding of the locks comes in and puts a pad lock on the front door and disables all the locks you are stuck giving everyone a padlock key. The solution is to re-enable the appropriate locks not to take a bulldozer to the walls bypassing the doors. If the functionality wasn’t already built in I still don’t think the bulldozer is the right solution but it makes more sense.
Understood just have to cover all the bases.
Once stable there will be an upgrade path.
Asterisk with their 12 revamp is allowing some stuff that wasn’t previously possible. There are some nuances from old key systems no one wants to see make resurrection but other things are definitely desirable.
I understood your original comment, and it is not a path I’m going to go down.
The thing I’m trying to control is to stop an employee from forwarding their phone to a long distance or international number from an extension that has those dialing capabilities. There was no interest in PIN codes for outbound routes that would allow LD and INT calls.
The question of hiding what certain users see, was primarily to cut down on support calls, and to only show them usable/useful things within the ARI.
As a consultant I always ask customers, why do you keep employees you can’t trust. These kind of draconian security measures rarely accomplish there goals.