Which mechanism is used to grant administrative permissions in CUCM?

Role-Based Access Control (RBAC) is how CUCM grants administrative permissions. In CUCM, you assign a user a role, and each role defines a specific set of administrative permissions for particular tasks or subsystems (like device configuration, routing, security, user management, etc.). This lets you tailor access so a user can perform only what they need, supporting least-privilege security and clearer separation of duties. There are built-in roles and you can create custom roles as needed, applying them to users (or groups) so the UI and tasks available to each person are governed by their assigned roles. The other options don’t provide this mechanism: Security Policy describes rules for securing the system, Audit Trail records actions for auditing, and Access Control List governs network traffic access, not who can do what in the CUCM admin interface.