Skip to content
Skip to search
Skip to footer

Cisco UCS Manager 6.0 Privileges

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Results

Updated:: September 22, 2025

Chapter: Cisco UCS Manager 6.0 Privileges

Cisco UCS Manager 6.0 Privileges
Cisco UCS Manager 6.0 Privileges

Cisco UCS Manager 6.0 Privileges

Cisco UCS Manager 6.0 Privileges

Aaa (aaa)

This privilege allows a user to perform provisioning operations related to Authentication, Authorization and Accounting. This includes managing users and roles, and configuring services that are exposed to the management interfaces.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Configure UCS management connectivity: HTTP, HTTPs, SSH, telnet, CIM, WS-MAN, event channel security.
Configure Key Ring. Import certificates of trusted authorities. Generate and import Certificates.
Configure users, roles, user locales, user sessions, login banner, authentication domains, authentication providers (LDAP, RADIUS, TACACS).
Configure DNS providers and DNS domain.
Configure SNMP policy, SNMP users, SNMP trap destinations.
Configure whether communication policies are resolved locally or through UCS Central.

Admin (admin)

This privilege provides a user with full access to all operations in Cisco UCS Manager.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

This privilege has full access to all operations.

Ext Lan Config (ext-lan-config)

This privilege allows a user to configure LAN settings on a fabric interconnect, including Ethernet border ports, VLANs, LAN PIN groups, Ethernet SPAN sessions, LAN policies, and management interfaces.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Configure Ethernet Link Profile and LACP policy.
Specify the allowed range for virtual MAC addresses.
Configure Fabric Interconnect system name.
Configure Inband CIMC profile.
Configure management interfaces (IPv4 and IPv6) on the Fabric Interconnect.
Configure management interfaces monitoring policy.
Configure DNS providers and DNS domain.
Configure NetFlow policies, exporters and collectors.
Configure Ethernet border ports on the Fabric Interconnect. Add/remove VLANs to border ports.
Configure Ethernet monitoring sessions (SPAN).
Enable/Disable Ethernet ports on a Fabric Interconnect or IO Module. Set port labels.
Configure Ethernet PIN Groups.
Configure VLANs and VLAN groups.
Enable/Disable Ethernet/FC/iSCSI ports and port channels on a server adapter. Set port/port channel label.
Configure MAC aging properties. Specify Ethernet end-host or switching mode. Enable/Disable VLAN compression.

Ext Lan Policy (ext-lan-policy)

This privilege allows a user to configure LAN settings on a fabric interconnect, including Ethernet border ports, VLANs, LAN PIN groups, Ethernet SPAN sessions, LAN policies, and vNIC/vHBA placement policies

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Configure Ethernet Link Profile and LACP policy.
Configure Ethernet border ports on the Fabric Interconnect. Add/remove VLANs to border ports.
Specify the allowed range for virtual MAC addresses.
Configure Ethernet monitoring sessions (SPAN).
Enable/Disable Ethernet ports on a Fabric Interconnect or IO Module. Set port labels.
Configure Inband CIMC profile.
Create/modify/delete vNIC/vHBA placement.
Configure Ethernet PIN Groups.
Configure VLANs and VLAN groups.
Enable/Disable Ethernet/FC/iSCSI ports and port channels on a server adapter. Set port/port channel label.
Configure NetFlow policies, exporters and collectors.
Configure MAC aging properties. Specify Ethernet end-host or switching mode. Enable/Disable VLAN compression.

Ext Lan Qos (ext-lan-qos)

This privilege allows a user to configure QoS classes of service for Ethernet and Fibre Channel and to configure Ethernet MTU.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Ext Lan Security (ext-lan-security)

This privilege allows a user to configure NTP providers, and date and time zone settings.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Configure NTP providers, date and time zone.

Ext San Config (ext-san-config)

This privilege allows a user to configure SAN settings on a fabric interconnect, including FC/FCoE border ports, VSANs, SAN PIN groups, and Fibre Channel SPAN sessions.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Ext San Policy (ext-san-policy)

This privilege allows a user to configure SAN settings on a fabric interconnect, including FC/FCoE border ports, VSANs, SAN PIN Groups, and Fibre Channel SPAN sessions.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Configure storage connection within a Service Profile.
Specify Fibre Channel end-host or switching mode. Specify FC trunking mode.
Configure Fibre Channel PIN Groups.
Configure Fibre Channel monitoring sessions.
Create/modify/delete storage connection policies.
Configure VSANs.
Configure the allowed range for virtual WWN addresses.
Configure Fibre Channel and FCoE ports on the Fabric Interconnect. Add/remove VSANs to FC ports. Configure the FCoE native VLAN.

Ext San Qos (ext-san-qos)

This privilege allows a user to configure QoS classes of service for Ethernet and Fibre Channel and to configure Ethernet MTU.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Fault (fault)

This privilege allows a user to configure fault policies, Call Home policies, and fault suppression policies. The user can also acknowledge faults in Cisco UCS Manager.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Configure Call Home policies. Used to send call home events when a fault is raised.
Configure whether fault policies are resolved locally or through UCS Central.
Acknowledge faults, configure fault policies (flap interval, soak interval, clear/ack action, limits, retention).

Service Profile Compute (ls-compute)

This privilege allows a user to configure most aspects of service profiles. However the user cannot create, modify or delete vNICs or vHBAs. You can use this privilege to enforce a strong separation between server, network, and storage provisioning activities. For example, a network administrator can create vNICs, a storage administrator can create vHBAs, and the server administrator can configure all other elements of a service profile

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Configure power policies and power placement.
Create/modify/delete Service Profiles/Templates. Assign policies to Service Profiles. Acknowledge service profile pending tasks.
Assign storage profiles to Service Profiles.
Assign usNIC policies to service profile.
Configure Service Profile scriptable vMedia.
Configure vHBA initiator groups.
Create/modify/delete Service Profile maintenance policies.
Configure Service Profile scriptable vMedia policies.
Configure Storage Profiles. Assign storage profiles to Service Profiles.
Perform maintenance tasks on local disks, local LUNs and remote LUNs.
Configure VMQ policies.
Associate and Disassociate Service Profiles.
Create/modify/delete Service Profile dynamic vNICs within a Service Profile.
Configure schedules. Schedules can be used to trigger one-time or periodic tasks in the future.
Configure the vNIC/vHBA placement of a Service Profile.
Create/modify/delete local storage policies (disks and LUNs).
Configure Service Profile BIOS policies.
Configure Inband CIMC IP connectivity.

Service Profile Config (ls-config)

This privilege allows a user to configure service profiles and to configure distributed virtual switches (DVSes) in a VM-FEX environment.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Configure power policies and power placement.
Create/modify/delete Service Profiles/Templates. Assign policies to Service Profiles. Acknowledge service profile pending tasks.
Configure Service Profile scriptable vMedia policies.
Configure Storage Profiles. Assign storage profiles to Service Profiles.
Configure VMware vCenter connections, datacenters, folders, switch.
Configure vNIC behavior policy when vNICs are not explicitly defined.
Configure vHBA behavior policy when vHBAs are not explicitly defined.
Create/modify/delete local storage policies (disks and LUNs).
Configure Service Profile vNICs storage initiator autoconfig policies.
Assign storage profiles to Service Profiles.
Assign usNIC policies to service profile.
Configure Service Profile scriptable vMedia.
Create/modify/delete Service Profile maintenance policies.
Assign port profiles to Distributed Virtual Switches.
Configure VMware vCenter cryptographic keys.
Perform maintenance tasks on local disks, local LUNs and remote LUNs.
Configure FC group templates.
Associate and Disassociate Service Profiles.
Create/modify/delete Service Profile dynamic vNICs within a Service Profile.
Configure schedules. Schedules can be used to trigger one-time or periodic tasks in the future.
Within a service profile, specify if vNICs/vHBAs should be inherited from the hardware when vNICs/vHBAs are not explicitly defined.
Configure the vNIC/vHBA placement of a Service Profile.
Configure SAN connectivity policies. Configure Service Profile vHBAs and add/remove VSANs on vHBAs.
Configure Service Profile BIOS policies.
Configure Inband CIMC IP connectivity.

Service Profile Config Policy (ls-config-policy)

This privilege allows a user to configure policies that are applied to Service Profiles, including host firmware packages, local disk policies, boot policies, and Serial over LAN policies

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Configure power policies and power placement.
Create/modify/delete Ethernet adapter policies (Ethernet and iSCSI).
Assign storage profiles to Service Profiles.
Configure Service Profile scriptable vMedia.
Create/modify/delete Service Profile maintenance policies.
Configure Service Profile scriptable vMedia policies.
Assign port profiles to Distributed Virtual Switches.
Configure VMware vCenter connections, datacenters, folders, switch.
Configure VMware vCenter cryptographic keys.
Create/modify/delete management firmware packages. This feature is deprecated.
Associate and Disassociate Service Profiles.
Configure Service Profile boot policies.
Configure iSCSI authentication profile.
Configure Serial over LAN policies.
Create/modify/delete local storage policies (disks and LUNs).
Create/modify/delete FC adapter policies.

Service Profile Ext Access (ls-ext-access)

Service profile end point access

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Service Profile Network (ls-network)

This privilege allows a user to configure network policies and network elements that are applied to service profile vNICs. A user can also configure other network elements that impact service profiles, such as server ports.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Create/modify/delete Ethernet adapter policies (Ethernet and iSCSI).
Assign usNIC policies to service profile.
Specify the allowed range for virtual MAC addresses.
Assign port profiles to Distributed Virtual Switches.
Configure VMware vCenter connections, datacenters, folders, switch.
Configure vNIC behavior policy when vNICs are not explicitly defined.
Configure VMQ policies.
Create/modify/delete Service Profile dynamic vNICs within a Service Profile.
Create/modify/delete Service Profile dynamic vNIC policies.
Configure VLAN and VLAN group org permissions.
Create/modify/delete Network Control policies.
Create/modify/delete vNIC/vHBA placement.
Configure Ethernet server ports on the Fabric Interconnect.
Configure Inband CIMC IP connectivity.
Reset IO Module and FEX. Set IO Module/FEX labels.

Service Profile Network Policy (ls-network-policy)

This privilege allows a user to configure network policies and network elements that are applied to service profile vNICs.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Configure pools of MAC addresses.
Create/modify/delete Service Profile dynamic vNIC policies.
Specify the allowed range for virtual MAC addresses.
Create/modify/delete Network Control policies.
Create/modify/delete vNIC/vHBA placement.
Configure Ethernet server ports on the Fabric Interconnect.
Configure pools of IP addresses.
Configure VMQ policies.
Reset IO Module and FEX. Set IO Module/FEX labels.
Create/modify/delete Service Profile dynamic vNICs within a Service Profile.

Service Profile Qos Policy (ls-qos-policy)

Service Profile QOS policy

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Create/modify/delete QoS rate-limiting and Flow Control policies.

Service Profile Security (ls-security)

This privilege allows a user to configure IPMI policies.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Service Profile Security Policy (ls-security-policy)

This privilege allows a user to configure IPMI policies.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Configure IPMI users and IPMI authentication profiles.

Service Profile Server (ls-server)

This privilege allows a user to configure service profiles.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Configure power policies and power placement.
Create/modify/delete Service Profiles/Templates. Assign policies to Service Profiles. Acknowledge service profile pending tasks.
Assign storage profiles to Service Profiles.
Assign usNIC policies to service profile.
Configure Service Profile scriptable vMedia.
Create/modify/delete Service Profile maintenance policies.
Configure Service Profile scriptable vMedia policies.
Configure Storage Profiles. Assign storage profiles to Service Profiles.
Configure vNIC behavior policy when vNICs are not explicitly defined.
Perform maintenance tasks on local disks, local LUNs and remote LUNs.
Configure FC group templates.
Configure VMQ policies.
Associate and Disassociate Service Profiles.
Create/modify/delete Service Profile dynamic vNICs within a Service Profile.
Configure schedules. Schedules can be used to trigger one-time or periodic tasks in the future.
Within a service profile, specify if vNICs/vHBAs should be inherited from the hardware when vNICs/vHBAs are not explicitly defined.
Configure the vNIC/vHBA placement of a Service Profile.
Configure SAN connectivity policies. Configure Service Profile vHBAs and add/remove VSANs on vHBAs.
Configure vHBA behavior policy when vHBAs are not explicitly defined.
Create/modify/delete local storage policies (disks and LUNs).
Configure Service Profile BIOS policies.
Configure Service Profile vNICs storage initiator autoconfig policies.
Configure Inband CIMC IP connectivity.

Service Profile Server Oper (ls-server-oper)

This privilege allows a user to control the power state of a service profile.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Control the power state of a Service Profile.

Service Profile Server Policy (ls-server-policy)

This privilege allows a user to control the power state of a service profile, associate and disassociate service profiles, and configure server-related policies.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Configure power policies and power placement.
Create/modify/delete Ethernet adapter policies (Ethernet and iSCSI).
Configure Service Profile scriptable vMedia.
Configure Service Profile scriptable vMedia policies.
Create/modify/delete management firmware packages. This feature is deprecated.
Create/modify/delete server-related policies: maintenance, BIOS.
Associate and Disassociate Service Profiles.
Configure Service Profile boot policies.
Configure DIMM black listing policy.
Configure iSCSI authentication profile.
Control the power state of a Service Profile.
Create/modify/delete vNIC/vHBA placement.
Configure Service Profile vNICs storage initiator autoconfig policies.
Create/modify/delete FC adapter policies.

Service Profile Storage (ls-storage)

This privilege allows a user to configure storage policies and storage elements that are applied to service profile vHBAs. The user can also configure other storage elements that impact service profiles.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Assign storage profiles to Service Profiles.
Configure Service Profile scriptable vMedia.
Configure vHBA initiator groups.
Configure Service Profile scriptable vMedia policies.
Configure Storage Profiles. Assign storage profiles to Service Profiles.
Create/modify/delete storage connection policies.
Configure the allowed range for virtual WWN addresses.
Perform maintenance tasks on local disks, local LUNs and remote LUNs.
Configure FC group templates.
Configure the FC storage visibility for a vHBA initiator group.
Set FC zone labels.
Configure vHBA behavior policy when vHBAs are not explicitly defined.
Create/modify/delete local storage policies (disks and LUNs).
Configure Service Profile vNICs storage initiator autoconfig policies.
Configure the allowed range for UUIDs.
Create/modify/delete FC adapter policies.

Service Profile Storage Policy (ls-storage-policy)

This privilege allows a user to configure storage policies and storage elements that are applied to service profile vHBAs.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Configure storage connection within a Service Profile.
Assign storage profiles to Service Profiles.
Configure Service Profile scriptable vMedia.
Configure Service Profile scriptable vMedia policies.
Configure Storage Profiles. Assign storage profiles to Service Profiles.
Configure pools of IQN addresses (for iSCSI).
Create/modify/delete storage connection policies.
Configure pools of WWN addresses.
Configure the allowed range for virtual WWN addresses.
Configure FC group templates.
Configure Service Profile boot policies.
Create/modify/delete local storage policies (disks and LUNs).
Create/modify/delete vNIC/vHBA placement.
Configure Service Profile vNICs storage initiator autoconfig policies.
Configure the allowed range for UUIDs.

Operations (operations)

This privilege allows a user to perform maintenance activities, such as SEL backup operations, and to configure system-level policies, such as call home, syslog, and log level, and to create tech support files.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Acknowledge faults.
Configure the Catalog pack, specifying which catalog to be used.
Configure the logging level for debug log files on the Fabric Interconnect.
Configure whether config, firmware and monitoring policies are resolved locally or through UCS Central.
Create/modify/delete stats threshold policies.
Generate and download Tech Support files.
Configure the statistics collection policies.
Clear or backup SEL log files (FEX, IO Module, CIMC). Configure SEL log policy.
Configure core file export policies. Download core files.
Configure log file export policies. Export log files.
Configure the Syslog feature.

Org Management (org-management)

This privilege allows a user to configure organizations in the org hierarchy.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Create/modify/delete organizations.

Server Equipment (pn-equipment)

This privilege allows a user to configure the power supply redundancy policy and to control the power state of network adapters.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Control power state of network adaptors.
Configure Power Supply Redundancy policy. Configure whether PSU redundancy policies can be resolved through UCS Central.

Server Maintenance (pn-maintenance)

This privilege allows a user to perform maintenance operations on physical servers, such as acknowledging servers, configuring locator LEDs, and decommissioning servers.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Perform server maintenance operations: reset CIMC, reset KVM server, reset CMOS, reset BIOS password,perform diagnostic interrupt, reset server. Set blade and rack server labels.
Configure locator, indicator, beacon and health LEDs.
Enable/Disable mapping out of black-listed DIMMs. Reset server DIMM errors.
Enable/Disable Ethernet ports on a Fabric Interconnect or IO Module. Set port labels.
Control the power state of a Service Profile.
Configure diagnostics.
Acknowledge, decommission, recommission and recover blade servers and rack servers.
Acknowledge Chassis and IO Module. Set Chassis labels and chassis IDs.
Enable/Disable Ethernet/FC/iSCSI ports and port channels on a server adapter. Set port/port channel label.
Reset IO Module and FEX. Set IO Module/FEX labels.

Server Policy (pn-policy)

This privilege allows a user to configure server-related policies.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Perform server maintenance operations: reset CIMC, reset KVM server, reset CMOS, reset BIOS password,perform diagnostic interrupt, reset server. Set blade and rack server labels.
Configure Service Profile disk and BIOS scrub policies.
Enable/Disable mapping out of black-listed DIMMs. Reset server DIMM errors.
Run diagnostics.
Assign port profiles to Distributed Virtual Switches.
Configure Power Supply Redundancy policy. Configure whether PSU redundancy policies can be resolved through UCS Central.
Configure VMware vCenter connections, datacenters, folders, switch.
Configure VMware vCenter cryptographic keys.
Configure whether server/chassis discovery policies can be resolved through UCS Central.
Configure server pools, server pool policies, and server pool qualification policies.
Configure DIMM black listing policy.
Configure locator, indicator, beacon and health LEDs.
Configure UUID pools.
Control power state of network adaptors.
Configure Virtual Machine and Virtual Machine vNIC retention policy.
Control the power state of a Service Profile.
Acknowledge, decommission, recommission and recover blade servers and rack servers.
Configure server/chassis discovery, acknowledgement and connectivity policies. Configure blade inheritance and auto-configuration policy.
Acknowledge Chassis and IO Module. Set Chassis labels and chassis IDs.
Configure Service Profile BIOS policies.
Reset IO Module and FEX. Set IO Module/FEX labels.

Server Security (pn-security)

Server security

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Power Mgmt (power-mgmt)

This privilege allows a user to configure power groups, the power budget, and power policies.

Tasks Allowed with this Privilege

A user with this privilege can perform the following tasks:

Configure Power Groups, power budget, and power policies.

Was this Document Helpful?

Feedback

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)