09-01-2023 03:11 AM
Hi,
How to create a physical domain with a non-admin user? I tried many RBAC rule configurations but it didn't work!
09-01-2023 03:35 AM - edited 09-01-2023 04:01 AM
Hi @conf-t ,
I have some bad news.
You can't create a Physical Domain unless you have rights to do so - which typically means admin rights. Or more precisely, write privileges to the all security domain.
So if your user ID does not have such rights, you won't be able to create a Physical Domain.
To see what rights you have, click the user icon in the top-right hand corner and select View My Permissions.
If you don't see that you have any Write Privileges for the Domain all, then you are out of luck - like this user
The problem with trying to create RBAC rules to allow someone to create an object of type physDomP is that you need rights to the parent object to be able to create child objects.
A quick look at the distinguished name of a physical domain shows that it is a child object of uni
apic1# moquery -c physDomP | grep ^dn
dn : uni/phys-Common:SharedServices_PhysDom
dn : uni/phys-mgmt:SharedServices_PhysDom
dn : uni/phys-T10:MappedVLANs_PhysDom
so to give rights to someone to allow them to create physDomPs, you need write rights to uni - or in ACI terms - the security domain all
Later Edit
You don't HAVE to give users rights to the all security domain - BUT the alternative I'm about to describe essentially does the same thing.
Job done! But not a very satisfactory answer - and it's annoyed the hell out of me too.
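The parent-object point in the answer above can be checked from the DNs themselves. This is an added example, not part of the original post or any Cisco tooling: it parses `dn` lines in the format shown above and computes each object's parent DN, treating `/` inside `[...]` as part of a single relative name. The first three DNs come from the post; the fourth is a constructed sample, and all function names are hypothetical.

```python
# Added example: find which objects sit directly under "uni", i.e. whose
# creation needs write rights on uni itself, as the answer explains.

# First three lines are the DNs from the post; the last is constructed
# to show a relative name that embeds another DN in brackets.
SAMPLE = """\
dn : uni/phys-Common:SharedServices_PhysDom
dn : uni/phys-mgmt:SharedServices_PhysDom
dn : uni/phys-T10:MappedVLANs_PhysDom
dn : uni/tn-Example/ap-App/epg-Web/rsdomAtt-[uni/phys-Example_PhysDom]
"""

def parse_dns(text):
    """Return the DN from every 'dn : <value>' line."""
    dns = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and key.strip() == "dn":
            dns.append(value.strip())
    return dns

def split_rns(dn):
    """Split a DN into relative names, ignoring '/' inside [...]."""
    rns, cur, depth = [], [], 0
    for ch in dn:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == "/" and depth == 0:
            rns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rns.append("".join(cur))
    return rns

def parent_dn(dn):
    """DN of the parent object ('' for the root)."""
    return "/".join(split_rns(dn)[:-1])

def direct_children(dns, parent="uni"):
    """DNs whose immediate parent is `parent`."""
    return [dn for dn in dns if parent_dn(dn) == parent]

if __name__ == "__main__":
    for dn in parse_dns(SAMPLE):
        print(f"{dn}  ->  parent: {parent_dn(dn)}")
```

Every physDomP in the sample reports `uni` as its parent, while the constructed bracketed DN resolves to its EPG rather than being split at the embedded `uni/phys-...` path.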