Home
Support
Product Support
Routers
Cisco SD-WAN
Configuration Guides

Cisco Catalyst SD-WAN User Management Guide, Releases 26.x and Later

What two factors determine a user's system access in Role-Based Access Control?
What are the five categories of role-based access privileges?
Can you modify or delete system default roles?

View all Saved Content

PDF

Is this content helpful?

Helpful Unhelpful

Suggestions for Improvement

Thank you for your feedback. Your response has been recorded.

Ask about this content

Cisco Catalyst SD-WAN User Management Guide, Releases 26.x and Later

What two factors determine a user's system access in Role-Based Access Control?
What are the five categories of role-based access privileges?
Can you modify or delete system default roles?

Expand all sections

About this content

Users and Access

Users and access
Account lockout
User sessions
Ciscotac user access

Password Management

Hardened passwords
Type 6 passwords

Authentication

Authentication
Authentication order
Authentication fallback mechanism
Duo Multi-factor authentication
RADIUS authentication
SSH authentication
IEEE 802.1X authentication
Authentication, Authorization, and Accounting
Posture assessment support

Role-Based Access Control

Role-Based Access Control
Restrictions for configuring RBAC
RBAC by VPN
RBAC with AAA
User authorization rules for operational and configuration commands
RBAC by scope
Granular RBAC
RBAC for policies
Configure RBAC for CFlowd policy
Assigning roles to users defined by identity providers
Configure RBAC
Prerequisites for Application Catalog features
Manage user group permissions
Configure Users
Configure user sessions
Configure VPN segments
Configure VPN groups
Verify granular RBAC permissions
Monitor devices for VPN groups

RBAC by VPN

Updated: April 24, 2026

Want to summarize with AI?

On this page

Restricted access capabilities for users assigned to a VPN group

VPN dashboard

Describes Role-Based Access Control integration with VPNs, outlining concepts and practices for managing user access across virtual network segments.

RBAC by VPN is a network access control method that enables administrators to

define VPN groups with one or more network segments
assign users to specific VPN groups to manage and control their access, and
restrict user permissions so that access and monitoring are limited to devices and features within designated VPN groups in Cisco SD-WAN Manager.

Restricted access capabilities for users assigned to a VPN group

RBAC by VPN provides these restricted access to users configured with a VPN group:

Access to the VPN dashboard
Monitor devices, network, and application status via VPN dashboard
VPN dashboard information restricted to devices with segments in the VPN group
Monitor option restricted to devices with segments in the VPN group
Interface monitoring on each device restricted to interfaces of segments in the VPN group

VPN dashboard

Users configured with VPN group can access only the VPN dashboard in read-only mode. Users with admin access can create the VPN groups and access both the Admin Dashboard and VPN Dashboard(s). An admin user can access these dashboards by choosing Dashboard from the Cisco SD-WAN Manager menu.

Need help?

Open a support case

(Requires a Cisco Service Contract)

Bias-free language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.