UCS provides a number of predefined roles. Each role combines a set of privileges that matches the organizational or team role of individual users. The built-in roles are as follows:
- aaa: This role provides the member with full access to user configuration, role assignment, and Authentication, Authorization, and Accounting (AAA) configuration, and provides read access to the rest of the system.
- admin: This role provides the member complete control of the UCSM. The default local admin account has this role, and this cannot be changed.
- facility-manager: This role provides the member with full access to power management operations through the power-mgmt privilege and provides read access to the rest of the system.
- network: This role provides the member full access to the Fabric Interconnect infrastructure and network security operations and provides read access to the rest of the system.
- operations: This role provides the member full access to systems logs, including the syslog servers and faults, and provides read access to the rest of the system.
- read-only: This role provides read-only access to the system configuration with no privileges to modify the system state.
- server-compute: This new role, introduced in UCS 2.1, provides somewhat limited access to the service profiles. For example, a user cannot change vNIC or vHBA configurations.
- server-equipment: This role provides full access to physical-server-related operations and provides read access to the rest of the system.
- server-profile: This role provides full access to logical-server-related operations and provides read access to the rest of the system.
- server-security: This role provides full access to server-security-related operations and read access to the rest of the system.
- storage: This role provides full access to storage operations and provides read access to the rest of the system.
It is also possible to create user-defined roles based on design requirements by adding a new role and assigning it the required individual privileges.