Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
508
Views
4
Helpful
1
Replies

Are device groups in 1.3 the same as the RBAC role?

Nathan Sowatskey
Cisco Employee
Cisco Employee

‎11-02-2016 06:59 AM - edited ‎03-01-2019 04:33 AM

Hi

APIC-EM 1.3 seems to have introduced a new concept of device groups, illustrated in the attached image.

The default group is "All".

Does this have any relationship with the RBAC Scope, the default value for which is also "All"?

In 1.2, the RABAC scope was not actually implemented for the REST APIs.

So, if the device group is the same as the RABAC scope, does this mean that the RBAC scope is now implemented?

Many thanks

Nathan

Screen Shot 2016-11-02 at 14.56.54.png

Labels:
1 Reply 1

aradford
Cisco Employee
Cisco Employee

‎11-06-2016 08:07 PM

Yes it does.

This is the start of multi-tenancy.

You define a device group and then allocate that device group to a user  (Scope) (along with  a role).  The user can perform the role (POLICY_ADMIN, OBSERVER etc) on that group of devices (scope).

I was just about to write this up, but it is also in the config guide Cisco Application Policy Infrastructure Controller Enterprise Module Configuration Guide, Release 1.3.x - Managing User…

Customers Also Viewed These Support Documents