
A role is a collection of privileges for reading or writing classes of managed objects (MOs). For an object class, some roles may have read-only, read-write, or no access privileges. For each of the defined privileges in APIC, the matrix below shows which object classes can be written and which can be read.

NOTE: The admin role has read access to all classes and write access to all configurable classes.

NOTE: In APIC Release 5.x or later, '-admin' roles such as 'tenant-admin', 'fabric-admin', and 'access-admin' are groupings of roles with the same base name. For example, 'access-admin' is a grouping of 'access-connectivity', 'access-equipment', 'access-protocol', and 'access-qos'. Similarly, 'tenant-admin' is a grouping of roles with a 'tenant' base, and 'fabric-admin' is a grouping of roles with a 'fabric' base.

For reference information about object classes, see the APIC Management Information Model Reference.



Objects by Privilege

Feedback on this document? Send email to apic-docfeedback@cisco.com.

Revised 11 March 2022

