Part 17: User Roles in Cisco ACI

Today we are going to talk about user roles in Cisco ACI and how to create those roles in the Cisco ACI APIC GUI. Before that, let's look at what the Cisco ACI APIC is.

What is Cisco ACI APIC?
One of the important pillars of Cisco ACI is the APIC, the Cisco Application Policy Infrastructure Controller. It is the single pane of glass for automation and management of the Cisco ACI fabric, policy enforcement, and health monitoring. It also optimizes performance and manages and operates a scalable multitenant Cisco ACI fabric.

User Roles in Cisco ACI
ACI fabrics provide access to all objects based on the role that a user has been given in the configuration of the Cisco Application Policy Infrastructure Controller (APIC). Roles are organized according to the permissions they grant.

You can view the built-in user roles as well as create custom roles to meet specific requirements. 

Step 1: Log in to the ACI APIC console and, on the menu bar, choose Admin > AAA.

Fig 1.1- Cisco ACI APIC GUI

Step 2: In the Navigation pane, choose Security > Roles. 

Fig 1.2- Cisco ACI APIC User roles

Step 3: From here, you can see each built-in role and the associated privileges. Additionally, you can create a custom role from the Actions menu. 

A tenant-admin can only manage the components within their tenant and cannot manage user roles at the fabric level. The fabric admin, by contrast, has full control over the entire fabric, including assigning other user roles and managing security domains at the fabric level.
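
The same role information can be reviewed outside the GUI. The following is an added example, not part of the original post or Cisco's own code: it flattens a user listing into per-user role assignments and picks out who holds fabric-wide write access. It assumes the JSON shape of an APIC REST reply for the aaaUser class with its aaaUserDomain and aaaUserRole children; the sample data and user names are constructed.

```python
import json

# Constructed sample, shaped like an APIC reply to
# GET /api/class/aaaUser.json?rsp-subtree=full (user names are made up).
SAMPLE = json.loads("""
{"imdata": [
  {"aaaUser": {"attributes": {"name": "alice"}, "children": [
    {"aaaUserDomain": {"attributes": {"name": "all"}, "children": [
      {"aaaUserRole": {"attributes": {"name": "admin", "privType": "writePriv"}}}]}}]}},
  {"aaaUser": {"attributes": {"name": "bob"}, "children": [
    {"aaaUserDomain": {"attributes": {"name": "TenantA"}, "children": [
      {"aaaUserRole": {"attributes": {"name": "tenant-admin", "privType": "writePriv"}}}]}}]}},
  {"aaaUser": {"attributes": {"name": "carol"}, "children": [
    {"aaaUserDomain": {"attributes": {"name": "all"}, "children": [
      {"aaaUserRole": {"attributes": {"name": "admin", "privType": "readPriv"}}}]}},
    {"aaaUserDomain": {"attributes": {"name": "TenantB"}, "children": [
      {"aaaUserRole": {"attributes": {"name": "tenant-admin", "privType": "writePriv"}}}]}}]}}
]}
""")

def children(mo, cls):
    """Yield the child objects of class cls under a managed object."""
    for child in mo.get("children", []):
        if cls in child:
            yield child[cls]

def role_assignments(reply):
    """Flatten the reply into (user, security domain, role, privType) rows."""
    rows = []
    for item in reply.get("imdata", []):
        user = item.get("aaaUser")
        if user is None:
            continue  # skip anything that is not a user object
        for dom in children(user, "aaaUserDomain"):
            for role in children(dom, "aaaUserRole"):
                r = role["attributes"]
                rows.append((user["attributes"]["name"], dom["attributes"]["name"],
                             r["name"], r.get("privType", "")))
    return rows

def fabric_wide_writers(rows):
    """Users holding the admin role with write privilege in domain 'all'."""
    return sorted({u for u, d, r, p in rows if (d, r, p) == ("all", "admin", "writePriv")})

if __name__ == "__main__":
    for row in role_assignments(SAMPLE):
        print(*row, sep="\t")
    print("fabric-wide admin (write):", fabric_wide_writers(role_assignments(SAMPLE)))
```

In the constructed data only alice is reported: bob and carol have write access limited to a tenant security domain, and carol's admin role in the all domain is read-only.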