Explains restrictions and prerequisites for implementing Role-Based Access Control, describing limitations, supported configurations, and important considerations to ensure compliant deployment.
Role and scope per user
From Cisco Catalyst SD-WAN Manager Release 20.13.1, you can only configure one role and one scope per user.
Enabling or disabling Cloud SaaS feeds
To enable or disable Cloud SaaS feeds, a user role requires write permission for the Application Priority Write option.
In Cisco Catalyst SD-WAN Manager Release 20.13.x and Cisco Catalyst SD-WAN Manager Release 20.14.x, a user with the security_operations role can enable or disable Cloud SaaS feeds. From Cisco Catalyst SD-WAN Manager Release 20.15.1, the security_operations role does not include write permission for the Application Priority Write option, and does not support enabling or disabling Cloud SaaS feeds.
Granular RBAC for feature templates
To use any of the template restriction options that are provided for RBAC for co-management, provide permissions for the Template Configuration option. If a specific user role does not have any permissions assigned in the Template Configuration option, the Templates menu will not be visible to the user in SD-WAN Manager.
To enable an RBAC user to apply templates to devices, provide write permission to the Template Deploy option.