UCS RBAC provides granular control over the user security privileges. Combined with UCS organizations, RBAC delegates and controls the user access privileges according to the role and restricts user access within an organization boundary defined for the tenant in case of multitenancy.
Access privileges provide the users with the capability to create, modify, or delete a specific type of configuration. UCS provides some predefined roles and it is also possible to create custom roles based on requirements. The roles are a collection of different privileges. Hence, roles can be assigned to users according to their job requirements. For example, there's a built-in role called read-only that provides only read privileges to the user. This role can be assigned to any user to whom you do not want to provide any configuration capability.
In UCS, a user's authentication can be configured from various resources including the following:
- Local user
- LDAP (Active Directory, OpenLDAP, and so on)
- RADIUS
- TACACS+