| Role | Privilege | Description |
|---|---|---|
| admin | admin | Provides full access to all of the features of the fabric. The admin privilege can be considered to be a union of all other privileges. |
| aaa | aaa | Used for configuring authentication, authorization, accounting, and import/export policies. |
| access-admin | access-connectivity | Used for Layer 1-3 configuration under infra, static route configurations under a tenant's L3Out, management infra policies, and tenant ERSPAN policies. |
| access-admin | access-equipment | Used for access port configuration. |
| access-admin | access-protocol | Used for Layer 1-3 protocol configurations under infra, fabric-wide policies for NTP, SNMP, DNS, and image management, and operations-related access policies such as cluster policy and firmware policies. |
| access-admin | access-qos | Used for changing CoPP and QoS-related policies. |
| fabric-admin | fabric-connectivity | Used for Layer 1-3 configuration under the fabric, firmware and deployment policies for raising warnings for estimating policy deployment impact, and atomic counter, diagnostic, and image management policies on leaf switches and spine switches. |
| fabric-admin | fabric-equipment | Used for atomic counter, diagnostic, and image management policies on leaf switches and spine switches. |
| fabric-admin | fabric-protocol | Used for Layer 1-3 protocol configurations under the fabric, fabric-wide policies for NTP, SNMP, DNS, and image management, ERSPAN and health score policies, and firmware management traceroute and endpoint tracking policies. |
| nw-svc-admin | nw-svc-policy | Used for managing Layer 4 to Layer 7 service devices and network service orchestration. |
| nw-svc-params | nw-svc-params | Used for managing Layer 4 to Layer 7 service policies. |
| ops | ops | Used for viewing the policies configured, including troubleshooting policies. |
| port-mgmt | port-mgmt | Used for assigning a node to a security domain. A user in a security domain with a Node Rule must also be assigned to domain all with the role of port-mgmt. |
| tenant-admin | aaa | Used for configuring authentication, authorization, accounting, and import/export policies. |
| tenant-admin | access-connectivity | Used for Layer 1-3 configuration under infra, static route configurations under a tenant's L3Out, management infra policies, and tenant ERSPAN policies. |
| tenant-admin | access-equipment | Used for access port configuration. |
| tenant-admin | access-protocol | Used for Layer 1-3 protocol configurations under infra, fabric-wide policies for NTP, SNMP, DNS, and image management, and operations-related access policies such as cluster policy and firmware policies. |
| tenant-admin | access-qos | Used for changing CoPP and QoS-related policies. |
| tenant-admin | fabric-connectivity | Used for Layer 1-3 configuration under the fabric, firmware and deployment policies for raising warnings for estimating policy deployment impact, and atomic counter, diagnostic, and image management policies on leaf switches and spine switches. |
| tenant-admin | fabric-equipment | Used for atomic counter, diagnostic, and image management policies on leaf switches and spine switches. |
| tenant-admin | fabric-protocol | Used for Layer 1-3 protocol configurations under the fabric, fabric-wide policies for NTP, SNMP, DNS, and image management, ERSPAN and health score policies, and firmware management traceroute and endpoint tracking policies. |
| tenant-admin | nw-svc-policy | Used for managing Layer 4 to Layer 7 service devices and network service orchestration. |
| tenant-admin | tenant-network-profile | Used for managing tenant configurations, such as deleting and creating network profiles, and deleting and creating endpoint groups. |
| tenant-admin | tenant-protocol | Used for managing configurations for Layer 1-3 protocols under a tenant, for tenant traceroute policies, and as write access for firmware policies. |
| tenant-admin | tenant-qos | Used for QoS-related configurations for a tenant. |
| tenant-admin | tenant-security | Used for contract-related configurations for a tenant. |
| tenant-ext-admin | tenant-connectivity | Used for Layer 1-3 connectivity changes, including bridge domains, subnets, and VRFs; for atomic counter, diagnostic, and image management policies on leaf switches and spine switches; tenant in-band and out-of-band management connectivity configurations; and debugging/monitoring policies such as atomic counters and health score. |
| tenant-ext-admin | tenant-epg | Used for managing tenant configurations such as deleting/creating endpoint groups, VRFs, and bridge domains. |
| tenant-ext-admin | tenant-ext-connectivity | Used for write access firmware policies; managing tenant L2Out and L3Out configurations; and debugging/monitoring/observer policies. |
| tenant-ext-admin | tenant-ext-protocol | Used for managing tenant external Layer 1-3 protocols, including BGP, OSPF, PIM, and IGMP, and for debugging/monitoring/observer policies such as traceroute, ping, oam, and eptrk. Generally only used for write access for firmware policies. |
| tenant-ext-admin | tenant-network-profile | Used for managing tenant configurations, such as deleting and creating network profiles, and deleting and creating endpoint groups. |
| tenant-ext-admin | tenant-protocol | Used for managing configurations for Layer 1-3 protocols under a tenant, for tenant traceroute policies, and as write access for firmware policies. |
| tenant-ext-admin | tenant-qos | Used for QoS-related configurations for a tenant. |
| tenant-ext-admin | tenant-security | Used for contract-related configurations for a tenant. |