Privilege Level to Scan Cisco APIC
A role is a collection of privileges for reading or writing classes of managed objects (MOs). For an object class, some roles may have read-only, read-write, or no access privileges.
The Admin role has read access to all classes and write access to all configurable classes.
For scanning, the user role can be set to read-all, the minimum privilege level.
Configuring a User with a Security Domain and Adding Custom Roles and Privileges
To configure a user with a security domain:
- Log in to Cisco APIC.
- Go to the Admin tab > AAA (Authentication, Authorization, and Accounting) menu.
- Click Users in the left navigation pane. Ensure you have selected the Local Users tab in the work pane.
- Click the Actions icon drop-down list in the work pane and then click Create Local User.

The Create Local User window opens.
- Enter the user ID in the Login ID field and the password in the Password field.
- Click Next to navigate to the Security domain.
- Select the all checkbox under Security Domain, and then click Next to navigate to the Roles domain.
- Click the add symbol in Domain all.
- Click the Role Name drop-down list, select read-all, and configure the Role Privilege Type as Read.
- Click Update.
A set of privileges can also be added to different roles.
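An added example (not from the original page or from Cisco): a least-privilege check for the scan account configured above, run over the JSON that the APIC REST API returns for a user object. The class and attribute names (aaaUser, aaaUserDomain, aaaUserRole, privType) are assumptions about the APIC object model; the account name, the tenant-a domain and the sample reply are constructed.

```python
import json

# Constructed sample of an APIC REST reply for a user object queried with its
# full subtree. Account name and the second domain are made up for this example.
SAMPLE_REPLY = json.dumps({"totalCount": "1", "imdata": [{"aaaUser": {
    "attributes": {"name": "scan-svc"},
    "children": [
        {"aaaUserDomain": {"attributes": {"name": "all"}, "children": [
            {"aaaUserRole": {"attributes": {"name": "read-all", "privType": "readPriv"}}}]}},
        {"aaaUserDomain": {"attributes": {"name": "tenant-a"}, "children": [
            {"aaaUserRole": {"attributes": {"name": "admin", "privType": "writePriv"}}}]}},
    ]}}]})

# The grant the procedure above configures: domain all, role read-all, type Read.
REQUIRED = ("all", "read-all", "readPriv")


def user_grants(reply_text):
    """Return (user, domain, role, privType) tuples found in the reply."""
    grants = []
    for item in json.loads(reply_text).get("imdata", []):
        user = item.get("aaaUser")
        if not user:
            continue
        uname = user["attributes"]["name"]
        for child in user.get("children", []):
            dom = child.get("aaaUserDomain")
            if not dom:  # skip other child classes of the user object
                continue
            dname = dom["attributes"]["name"]
            for sub in dom.get("children", []):
                role = sub.get("aaaUserRole")
                if role:
                    a = role["attributes"]
                    grants.append((uname, dname, a["name"], a.get("privType", "")))
    return grants


def audit_scan_user(reply_text):
    """List grants beyond read-all/Read, and report if the required grant is absent."""
    grants = user_grants(reply_text)
    findings = [f"{u}: unexpected grant {d}/{r}/{p}" for u, d, r, p in grants
                if (r, p) != REQUIRED[1:]]
    if REQUIRED not in [g[1:] for g in grants]:
        findings.append("missing required grant all/read-all/readPriv")
    return findings


if __name__ == "__main__":
    print(audit_scan_user(SAMPLE_REPLY))
```

An empty result means the account holds only read-all with read privilege and has it in domain all.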
Create an Authentication Record for Cisco APIC
To create an authentication record for Cisco APIC:
- Go to Authentication > New > Network and Security > Cisco_APIC.
- Enter the Authentication Type as Basic, and enter a Username.
- Enter a Password.
- Click Create.