Rolescan be created, modified to add new or remove existing privileges, or deleted. When a role is modified,
thenew privileges are applied to all users assigned to that role. Privilege assignment is not restricted to the
privilegesdefined for the default roles. That is, you can usea custom set of privileges to create a unique role.
Forexample, the default Server Administrator and Storage Administrator roles have different set of privileges,
buta new Server and Storage Administrator role can be created that combines the privileges of both roles.
Ifa role is deleted after it has been assigned to users, it is also deleted from those user accounts.
Userprofiles on AAA servers (RADIUS or TACACS+) should be modified to add the roles corresponding
tothe privileges granted to that user. The attribute is used to store the role information. The AAA servers
returnthis attribute with the request and parse it to get the roles. LDAP servers return the roles in the user
profileattributes.
Ifa local user account and a remote user account have the same username, any roles assigned to the remote
userare overridden by those assigned to the local user.
Note
Default User RolesThesystem contains the following default user roles:
AAAAdministrator
Read-and-writeaccess to users, roles, and AAA configuration. Read access to the rest of the system.
Administrator
Completeread-and-write access to the entire system. The default admin account is assigned this role
bydefault and it cannot be changed.
FacilityManager
Read-and-writeaccess to power management operations through the power-mgmt privilege. Read
accessto the rest of the system.
NetworkAdministrator
Read-and-writeaccess to fabric interconnect infrastructure and network security operations. Read access
tothe rest of the system.
Operations
Read-and-writeaccess to systems logs, including the syslog servers, and faults. Read access to the rest
ofthe system.
Read-Only
Read-onlyaccess to system configuration with no privileges to modify the system state.
ServerEquipment Administrator
Read-and-writeaccess to physical server related operations. Read access to the rest of the system.
Cisco UCS Manager GUI Configuration Guide, Release 2.0
OL-25712-04 163
User Roles