How to create phyical domain with non-admin user?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-01-2023 03:11 AM
Hi,
How to create phyical domain with non-admin user? I tried many rbac rules configuration but it didn't work!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-01-2023 03:35 AM - edited 09-01-2023 04:01 AM
Hi @conf-t ,
I have some bad news.
You can't create a Physical Domain unless you have rights to do so - which typically means admin rights. Or more precisely, write privileges to the all security domain.
So if your user ID does not have such rights, you won't be able to create a Physical Domain.
To see what rights you have, click the user icon in the top-right hand corner and select View My Permissions
If you don't see that you have any Write Privileges for the Domain all, then you are out of luck - like this user
The problem with trying to create RBAC rules to allow someone to create an object of type physDomP is that you need rights to the parent object to be able to create child objects.
A quick look at the distinguished name of a physical domain shows that it is a child object of uni
apic1# moquery -c physDomP | grep ^dn dn : uni/phys-Common:SharedServices_PhysDom dn : uni/phys-mgmt:SharedServices_PhysDom dn : uni/phys-T10:MappedVLANs_PhysDom
so to give rights to someone to allow them to create physDomPs, you need write rights to uni - or in ACI terms - the security domain all
Later Edit
You don't HAVE to give users right ot the all security domain - BUT the alternative I'm about to describe essentially does the same thing.
- Create a new security domain - say test
- Create a new RBAC rule that allows Write access to the DN uni for the security domain test
- Give your user write right to the admin role for the security domain test
Job done! But not a very satisfactory answer - and it's annoyed the hell out me too.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
