Privilege Level to Scan Cisco APIC

A role is a collection of privileges for reading or writing classes of managed objects (MOs).  For an object class, some roles may have read-only, read-write, or no access privileges.

Note: The Admin role has read access to all the classes and write access to all configurable classes.

The minimum privilege level for the user role can be set to read-all.

Configuring a User with a Security Domain and Adding Custom Roles and Privileges

To configure a user with a security domain, perform the following steps:

  1. Log in to Cisco APIC.
  2. Go to the Admin tab > AAA (Authentication, Authorization, and Accounting) menu.
  3. Click Users in the Navigation pane. Ensure you have selected the Local Users tab in the work pane.

  4. Click the Actions icon drop-down list in the work pane and select Create Local User.

    The Create Local User window is displayed.
  5. Enter the user ID in the Login ID field and the password in the Password field.
  6. Click Next. This navigates to the Security Domain.
     
  7. Select the all checkbox under Security Domain and click Next. This navigates to the Roles domain.
  8. Click the add symbol in Domain all. Click the Role Name drop-down list, select read-all, and configure the Role Privilege Type as Read.
  9. Click Update.

    A set of privileges can also be added to different roles.
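
To confirm that the account created in the steps above carries nothing beyond read-all with the Read privilege type, its role assignments can be audited from the APIC object model. The following is an added example, not part of the original procedure: it assumes the JSON was obtained from an APIC REST subtree query on the user object for the classes aaaUserDomain and aaaUserRole, and the login ID qscan and both sample responses are constructed.

```python
import json

EXPECTED_ROLE, EXPECTED_PRIV, EXPECTED_DOMAIN = "read-all", "readPriv", "all"

def domain_of(dn):
    """Extract the security domain from a DN like .../userdomain-all/role-read-all."""
    for part in dn.split("/"):
        if part.startswith("userdomain-"):
            return part[len("userdomain-"):]
    return "?"

def audit_scan_user(response_text):
    """Return a list of findings; an empty list means the account matches the procedure."""
    findings, has_expected = [], False
    for item in json.loads(response_text).get("imdata", []):
        attrs = item.get("aaaUserRole", {}).get("attributes")
        if attrs is None:
            continue  # aaaUserDomain and other classes carry no privilege themselves
        dom, role, priv = domain_of(attrs["dn"]), attrs["name"], attrs["privType"]
        if role != EXPECTED_ROLE:
            findings.append(f"domain {dom}: unexpected role {role}")
        if priv != EXPECTED_PRIV:
            findings.append(f"domain {dom}: role {role} has {priv}, expected {EXPECTED_PRIV}")
        if (dom, role, priv) == (EXPECTED_DOMAIN, EXPECTED_ROLE, EXPECTED_PRIV):
            has_expected = True
    if not has_expected:
        findings.append("read-all with readPriv is missing in domain all")
    return findings

def _mo(cls, dn, **attrs):
    """Build one managed object in the shape the APIC REST API returns."""
    return {cls: {"attributes": {"dn": dn, **attrs}}}

# Constructed sample responses; "qscan" is a hypothetical login ID.
USER = "uni/userext/user-qscan"
AS_CONFIGURED = json.dumps({"imdata": [
    _mo("aaaUserDomain", f"{USER}/userdomain-all", name="all"),
    _mo("aaaUserRole", f"{USER}/userdomain-all/role-read-all", name="read-all", privType="readPriv"),
]})
OVER_PRIVILEGED = json.dumps({"imdata": [
    _mo("aaaUserDomain", f"{USER}/userdomain-all", name="all"),
    _mo("aaaUserRole", f"{USER}/userdomain-all/role-admin", name="admin", privType="writePriv"),
]})

if __name__ == "__main__":
    for label, sample in (("as configured", AS_CONFIGURED), ("over-privileged", OVER_PRIVILEGED)):
        print(label, "->", audit_scan_user(sample) or "OK")
```
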

Steps to Create Authentication Record for Cisco APIC

  1. Go to Authentication > New > Network and Security > Cisco_APIC.
  2. Enter the Authentication Type as Basic, and enter the Username and Password.
  3. Click Create.