Privilege Level to Scan Cisco APIC
A role is a collection of privileges for reading or writing classes of managed objects (MOs). For an object class, some roles may have read-only, read-write, or no access privileges.
Note: The Admin role has read access to all the classes and write access to all configurable classes.
The minimum privilege level for the user role can be set to read-all.
Configuring a User with a Security Domain and Adding Custom Roles and Privileges
To configure a user with a security domain, perform the following steps:
- Log in to Cisco APIC.
- Go to the Admin tab > AAA (Authentication, Authorization, and Accounting) menu.
- Click Users in the Navigation pane. Ensure you have selected the Local Users tab in the work pane.
![Selecting Create Local User through Admin tab.](../images/pc_sigs/admin_users.png)
- Click the Actions icon drop-down list in the work pane and select Create Local User.
![Selecting Create Local User from action icon drop down list.](../images/pc_sigs/action_icon_create.png)
The Create Local User window is displayed.
- Enter the user ID in the Login ID field and the password in the Password field.
![](../images/pc_sigs/create_local_user.png)
- Click Next. This will navigate to the Security domain.
- Select the all checkbox under Security Domain and click Next. This navigates to the Roles domain.
![](../images/pc_sigs/create_security.png)
- Click the add symbol in Domain all. From the Role Name drop-down list, select read-all and set the Role Privilege Type to Read.
![](../images/pc_sigs/create_roles.png)
- Click Update.
A set of Privileges can also be added to different roles.
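To confirm that the account created by the steps above ended up read-only, its role assignments can be audited from an APIC REST API reply. This is an added example, not part of the original procedure; it assumes the JSON reply of a subtree query for aaaUserRole objects, and the login IDs scan_ro and scan_rw and both sample replies are constructed.

```python
import json

# Constructed sample replies, shaped like the APIC REST answer to a query such as
#   GET /api/node/mo/uni/userext/user-<login-id>.json
#       ?query-target=subtree&target-subtree-class=aaaUserRole
# "scan_ro" and "scan_rw" are hypothetical login IDs.
def _role(user, domain, role, priv):
    dn = f"uni/userext/user-{user}/userdomain-{domain}/role-{role}"
    return {"aaaUserRole": {"attributes": {"dn": dn, "name": role, "privType": priv}}}

SAMPLE_OK = json.dumps({"totalCount": "1", "imdata": [
    _role("scan_ro", "all", "read-all", "readPriv")]})
SAMPLE_BAD = json.dumps({"totalCount": "2", "imdata": [
    _role("scan_rw", "all", "read-all", "writePriv"),
    _role("scan_rw", "all", "admin", "writePriv")]})


def audit_scan_user(reply_json, allowed_role="read-all"):
    """Return a list of findings; an empty list means read-only via allowed_role."""
    reply = json.loads(reply_json)
    roles = [item["aaaUserRole"]["attributes"]
             for item in reply.get("imdata", []) if "aaaUserRole" in item]
    if not roles:
        return ["no aaaUserRole objects returned for this user"]
    findings = []
    for attrs in roles:
        # The security domain is encoded in the DN as the "userdomain-<name>" part.
        domain = next((part[len("userdomain-"):] for part in attrs["dn"].split("/")
                       if part.startswith("userdomain-")), "?")
        if attrs["name"] != allowed_role:
            findings.append(f"domain {domain}: unexpected role {attrs['name']}")
        if attrs["privType"] != "readPriv":
            findings.append(
                f"domain {domain}: role {attrs['name']} has {attrs['privType']}")
    return findings


if __name__ == "__main__":
    for label, reply in (("scan_ro", SAMPLE_OK), ("scan_rw", SAMPLE_BAD)):
        result = audit_scan_user(reply)
        print(label, "OK" if not result else result)
```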
Steps to Create Authentication Record for Cisco APIC
- Go to Authentication > New > Network and Security > Cisco_APIC.
![](../images/pc_sigs/auth_cisco.png)
- Set the Authentication Type to Basic, and enter the Username and Password.
![](../images/pc_sigs/new_cisco.png)
- Click Create.