Cisco Support Community

What are the Roles and Privileges in a UCS system


Unified Computing System (UCS) combines network, compute and virtualization resources in one system. Managing a UCS system therefore requires expertise in networking, virtualization and storage. The UCS system is designed to give each user access that suits that user's profile. To provide this granular access, UCS implements the concepts of Roles and Privileges.


Roles and Privileges

Simply put, a Privilege defines what can be done, or what function can be performed, on the UCS system. Privileges are grouped to form a Role, which is then assigned to a user. Every user who needs to log in to the UCS system must have a Role assigned to the user's username. This Role determines what the user is allowed to do after logging in to the UCS system. Defining Roles, which in turn define the actions that can be performed on the UCS system, is called Role-Based Access Control (RBAC).


The Privileges available in a UCS system are designed to break down the tasks that can be performed on a UCS system into smaller sets. For example, the privilege “admin” is used for system administrator functionality; likewise, the privilege “ext-lan-config” is used for external LAN configuration. These privileges are already defined, and they can’t be added or removed. The Roles, as mentioned earlier, are collections of privileges and can be defined by the administrator as required. For example, the role “Storage” has the privileges “ext-san-config”, “ext-san-policy”, “ext-san-qos”, and “ext-san-security” associated with it. A super-administrator defines the initial roles and specifies which administrators are allowed to assume which roles.


UCS Manager comes with server, network, and storage administrator roles predefined. These roles can be modified, merged, and deleted, and new roles can be created as required. Roles are configured in UCS Manager on the Admin tab, under User Management > User Services > Roles.
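
Because roles can be modified, merged and deleted, it is worth checking role assignments against the fixed privilege list from time to time. The following is an added example, not code from the original article or from Cisco, that models the privilege-to-role-to-user grouping described above and audits it. It assumes a user with several roles gets the union of their privileges; the role names "lan-ops", "super" and "broken", the user names, and the invalid privilege "ext-wan-config" are constructed for illustration.

```python
# Added example: constructed data, not exported from a real UCS Manager.
# Only privilege names quoted in the article are listed; a real system has more.
KNOWN_PRIVILEGES = {
    "admin", "ext-lan-config",
    "ext-san-config", "ext-san-policy", "ext-san-qos", "ext-san-security",
}

# Role -> privileges. "Storage" matches the article; the others are hypothetical.
ROLES = {
    "Storage": {"ext-san-config", "ext-san-policy", "ext-san-qos", "ext-san-security"},
    "lan-ops": {"ext-lan-config"},
    "super": {"admin"},
    "broken": {"ext-san-config", "ext-wan-config"},  # constructed invalid privilege
}

# User -> assigned roles (constructed sample).
USERS = {
    "alice": ["Storage"],
    "bob": ["Storage", "lan-ops"],
    "carol": ["super"],
    "dave": [],               # no role assigned
    "erin": ["legacy-role"],  # role that was deleted or never defined
}

def effective_privileges(user, users=USERS, roles=ROLES):
    """Union of privileges over every role assigned to the user (assumption)."""
    privs = set()
    for role in users.get(user, []):
        privs |= roles.get(role, set())
    return privs

def audit(users=USERS, roles=ROLES, known=KNOWN_PRIVILEGES):
    """Return (finding, subject, detail) tuples for RBAC hygiene problems."""
    findings = []
    for role, privs in sorted(roles.items()):
        for priv in sorted(privs - known):  # privileges are fixed, so this is an error
            findings.append(("unknown-privilege", role, priv))
    for user, assigned in sorted(users.items()):
        if not assigned:                    # every user needs a role
            findings.append(("no-role", user, ""))
        for role in assigned:
            if role not in roles:
                findings.append(("undefined-role", user, role))
        if "admin" in effective_privileges(user, users, roles):
            findings.append(("has-admin", user, ""))  # review for least privilege
    return findings

if __name__ == "__main__":
    for finding in audit():
        print(*finding)
```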