Click to place a check mark in the check boxes of the privileges you want to assign the user. The privileges are:
-
aaa—Used for configuring authentication, authorization, accouting and import/export policies.
-
access-connectivity-l1Used for Layer 1 configuration under infra. Example: selectors and port Layer 1 policy configurations.
-
access-connectivity-l2—Used for Layer 2 configuration under infra. Example: Encap configurations on selectors, and attachable entity.
-
access-connectivity-l3—Used for Layer 3 configuration under infra and static route configurations under a tenant's L3Out.
-
access-connectivity-mgmt—Used for management infra policies.
-
access-connectivity-util—Used for tenant ERSPAN policies.
-
access-equipment—Used for access port configuration.
-
access-protocol-l1—Used for Layer 1 protocol configurations under infra.
-
access-protocol-l2—Used for Layer 2 protocol configurations under infra.
-
access-protocol-l3—Used for Layer 3 protocol configurations under infra.
-
access-protocol-mgmt—Used for fabric-wide policies for NTP, SNMP, DNS, and image management.
-
access-protocol-ops—Used for operations-related access policies such as cluster policy and firmware policies.
-
access-protocol-util—Used for tenant ERSPAN policies.
-
access-qos—Used for changing CoPP and QoS-related policies.
-
admin—Complete access to everything (combine ALL roles)
-
fabric-connectivity-l1—Used for Layer 1 configuration under the fabric. Example: selectors and port Layer 1 policy and VNET protection.
-
fabric-connectivity-l2—Used in firmware and deployment policies for raising warnings for estimating policy deployment impact.
-
fabric-connectivity-l3—Used for Layer 3 configuration under the fabric. Example: Fabric IPv4 and MAC protection groups.
-
fabric-connectivity-mgmt—Used for atomic counter and diagnostic policies on leaf switches and spine switches.
-
fabric-connectivity-util—Used for atomic counter, diagnostic, and image management policies on leaf switches and spine switches.
-
fabric-equipment—Used for atomic counter, diagnostic, and image management policies on leaf switches and spine switches.
-
fabric-protocol-l1—Used for Layer 1 protocol configurations under the fabric.
-
fabric-protocol-l2—Used for Layer 2 protocol configurations under the fabric.
-
fabric-protocol-l3—Used for Layer 3 protocol configurations under the fabric.
-
fabric-protocol-mgmt—Used for fabric-wide policies for NTP, SNMP, DNS, and image management.
-
fabric-protocol-ops—Used for ERSPAN and health score policies.
-
fabric-protocol-util—Used for firmware management traceroute and endpoint tracking policies.
-
none—No privilege.
-
nw-svc-device—Used for managing Layer 4 to Layer 7 service devices.
-
nw-svc-devshare—Used for managing shared Layer 4 to Layer 7 service devices.
-
nw-svc-params—Used for managing Layer 4 to Layer 7 service policies.
-
nw-svc-policy—Used for managing Layer 4 to Layer 7 network service orchestration.
-
ops—Used for operational policies including monitoring and troubleshooting policies such as atomic counter, SPAN, TSW, tech support,
traceroute, analytics, and core policies.
-
tenant-connectivity-l1—Used for Layer 1 connectivity changes, including bridge domains and subnets.
-
tenant-connectivity-l2—Used for Layer 2 connectivity changes, including bridge domains and subnets.
-
tenant-connectivity-l3—Used for Layer 3 connectivity changes, including VRFs.
-
tenant-connectivity-mgmt—Used for tenant in-band and out-of-band management connectivity configurations and for debugging/monitoring policies such
as atomic counters and health score.
-
tenant-connectivity-util—Used for atomic counter, diagnostic, and image management policies on leaf switches and spine switches.
-
tenant-epg—Used for managing tenant configurations such as deleting/creating endpoint groups, VRFs, and bridge domains.
-
tenant-ext-connectivity-l2—Used for managing tenant L2Out configurations.
-
tenant-ext-connectivity-l3—Used for managing tenant L3Out configurations.
-
tenant-ext-connectivity-mgmt—Used as write access for firmware policies.
-
tenant-ext-connectivity-util—Used for debugging/monitoring/observer policies such as traceroute, ping, oam, and eptrk.
-
tenant-ext-protocol-l1—Used for managing tenant external Layer 1 protocols. Generally only used for write access for firmware policies.
-
tenant-ext-protocol-l2—Used for managing tenant external Layer 2 protocols. Generally only used for write access for firmware policies.
-
tenant-ext-protocol-l3—Used for managing tenant external Layer 3 protocols such as BGP, OSPF, PIM, and IGMP.
-
tenant-ext-protocol-mgmt—Used as write access for firmware policies.
-
tenant-ext-protocol-util—Used for debugging/monitoring/observer policies such as traceroute, ping, oam, and eptrk.
-
tenant-network-profile—Used for managing tenant configurations, such as deleting and creating network profiles, and deleting and creating endpoint
groups.
-
tenant-protocol-l1—Used for managing configurations for Layer 1 protocols under a tenant.
-
tenant-protocol-l2—Used for managing configurations for Layer 2 protocols under a tenant.
-
tenant-protocol-l3—Used for managing configurations for Layer 3 protocols under a tenant.
-
tenant-protocol-mgmt—Only used as write access for firmware policies.
-
tenant-protocol-ops—Used for tenant traceroute policies.
-
tenant-protocol-util—Used for debugging/monitoring/observer policies such as traceroute, ping, oam, and eptrk.
-
tenant-qos—Only used as Write access for firmware policies.
-
tenant-security—Used for Contract related configurations for a tenant.
-
vmm-connectivity—Used to read all the objects in APIC's VMM inventory required for VM connectivity.
-
vmm-ep—Used to read VM and Hypervisor endpoints in the APIC's VMM inventory.
-
vmm-policy—Used for managing policies for VM networking.
-
vmm-protocol-ops—Not used by VMM policies.
-
vmm-security—Used for Contract related configurations for a tenant.