• debug
Guidelines for Cisco UCS Manager Passwords
A password is required for each locally authenticated user account. A user with admin or aaa privileges can
configure Cisco UCS Manager to perform a password strength check on user passwords. If the password
strength check is enabled, each user must have a strong password.
Cisco recommends that each user have a strong password. If you enable the password strength check for
locally authenticated users, Cisco UCS Manager rejects any password that does not meet the following
requirements:
• Must contain a minimum of 8 characters and a maximum of 64 characters.
• Must contain at least three of the following:
◦ Lower case letters
◦ Upper case letters
◦ Digits
◦ Special characters
• Must not contain a character that is repeated more than 3 times consecutively, such as aaabbb.
• Must not be identical to the username or the reverse of the username.
• Must pass a password dictionary check. For example, the password must not be based on a standard
dictionary word.
• Must not contain the following symbols: $ (dollar sign), ? (question mark), and = (equals sign).
• Should not be blank for local user and admin accounts.
Web Session Limits for User Accounts
Web session limits are used by Cisco UCS Manager to restrict the number of web sessions (both GUI and
XML) a given user account is permitted to access at any one time.
By default, the number of concurrent web sessions allowed by Cisco UCS Manager is set to 32; although this
value can be configured up to the system maximum of 256.
User Roles
User roles contain one or more privileges that define the operations allowed for the user who is assigned the
role. A user can be assigned one or more roles. A user assigned multiple roles has the combined privileges of
all assigned roles. For example, if Role1 has storage related privileges, and Role2 has server related privileges,
users who are assigned to both Role1 and Role2 have storage and server related privileges.
A Cisco UCS domain can contain up to 48 user roles, including the default user roles.
All roles include read access to all configuration settings in the Cisco UCS domain. The difference between
the read-only role and other roles is that a user who is only assigned the read-only role cannot modify the
system state. A user assigned another role can modify the system state in that user's assigned area or areas.
Cisco UCS Manager GUI Configuration Guide, Release 2.0
162 OL-25712-04
User Roles