Roles can be created, modified to add new or remove existing privileges, or deleted. When a role is modified,
the new privileges are applied to all users assigned to that role. Privilege assignment is not restricted to the
privileges defined for the default roles. That is, you can use a custom set of privileges to create a unique role.
For example, the default Server Administrator and Storage Administrator roles have different sets of privileges,
but a new Server and Storage Administrator role can be created that combines the privileges of both roles.
If a role is deleted after it has been assigned to users, it is also deleted from those user accounts.
User profiles on AAA servers (RADIUS or TACACS+) should be modified to add the roles corresponding
to the privileges granted to that user. The attribute is used to store the role information. The AAA servers
return this attribute with the request and parse it to get the roles. LDAP servers return the roles in the user
profile attributes.
Note
If a local user account and a remote user account have the same username, any roles assigned to the remote
user are overridden by those assigned to the local user.
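The role rules described above (combining privileges into a custom role, role deletion, and local roles overriding remote roles for the same username) can be modelled to audit for local accounts that shadow an AAA profile. This is an added example, not Cisco UCS Manager code or its API; apart from power-mgmt, every role identifier, privilege name, and username in it is a constructed assumption.

```python
# Model of the role rules described above. Not UCS Manager code.
# Only "power-mgmt" comes from the page; other names are constructed.
ROLES = {
    "facility-manager": {"power-mgmt"},
    "server-admin": {"srv-policy", "srv-maint"},  # hypothetical privileges
    "storage-admin": {"stor-config"},             # hypothetical privilege
}

def combine_roles(roles, new_name, *sources):
    """Create a custom role holding the union of the source roles' privileges."""
    roles[new_name] = set().union(*(roles[s] for s in sources))
    return roles[new_name]

def delete_role(roles, accounts, name):
    """Delete a role and remove it from every account it was assigned to."""
    roles.pop(name, None)
    for assigned in accounts.values():
        assigned.discard(name)

def effective_roles(user, local, remote):
    """Same username in both stores: the local roles override the remote ones."""
    if user in local:
        return set(local[user])
    return set(remote.get(user, set()))

def privileges(role_names, roles):
    """Union of privileges over the named roles; deleted roles contribute nothing."""
    return set().union(*(roles.get(r, set()) for r in role_names))

def shadowed_accounts(local, remote, roles):
    """Same-name accounts whose local roles grant more than the AAA profile does."""
    findings = {}
    for user in sorted(local.keys() & remote.keys()):
        extra = privileges(local[user], roles) - privileges(remote[user], roles)
        if extra:
            findings[user] = extra
    return findings

if __name__ == "__main__":
    local = {"jdoe": {"server-admin", "storage-admin"}}    # constructed sample
    remote = {"jdoe": {"facility-manager"}, "asmith": {"storage-admin"}}
    print(effective_roles("jdoe", local, remote))
    print(shadowed_accounts(local, remote, ROLES))
```

A non-empty result from shadowed_accounts means a local account is granting privileges that the central AAA profile for the same username does not, which is worth reviewing because the local assignment is the one that takes effect.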
Default User Roles
The system contains the following default user roles:
AAA Administrator
Read-and-write access to users, roles, and AAA configuration. Read access to the rest of the system.
Administrator
Complete read-and-write access to the entire system. The default admin account is assigned this role
by default and it cannot be changed.
Facility Manager
Read-and-write access to power management operations through the power-mgmt privilege. Read
access to the rest of the system.
Network Administrator
Read-and-write access to fabric interconnect infrastructure and network security operations. Read access
to the rest of the system.
Operations
Read-and-write access to system logs, including the syslog servers, and faults. Read access to the rest
of the system.
Read-Only
Read-only access to system configuration with no privileges to modify the system state.
Server Equipment Administrator
Read-and-write access to physical server-related operations. Read access to the rest of the system.
Cisco UCS Manager GUI Configuration Guide, Release 2.0
OL-25712-04