Action privileges for user roles

The following tables list the user action privileges associated with each user role.

The Use privilege is a special case that allows you to associate objects to objects that you own but you are not allowed to change. For example, in a logical interconnect group, a user assigned the role of Server administrator is not allowed to define logical interconnect groups, but can use them when adding an enclosure. A Read only user is not authorized to add any certificates in the appliance.

Category	Action privileges for user roles IA=Infrastructure administrator, admin=administrator (C=Create, R=Read, U=Update, D=Delete, Use)
Category	IA	Server admin	Network admin	Backup admin	Storage admin	Software admin
activities	CRUD	CRU	CRU	R	CRU	CRU
alerts	RUD	RUD	RUD	—	RUD	RUD
appliance	CRUD	R	R	R	R	R
audit logs	CR	R	R	—	R	—
backups	CRUD	R	R	CRD	R	R
certificates	CRUD	—	—	—	—	—
community string	RU	R	CRU	—	R	R
connections	CRUD	R	CR	R	R	R
connection templates	CRUD, Use	R, Use	CRUD	R	R	R
console users	CRUD	—	—	—	—	—
data centers	CRUD	CRUD	R	R	R	R
debug logs	CRUD	CRU	CRU	—	R	CRU
device bays	CRUD	CRUD	R	R	R	R
domains	CRUD	R	CRU	R	R	R
enclosures	CRUD	CRUD	R	R	R	R
enclosure groups	CRUD, Use	CRUD, Use	R	R	R	R
Ethernet networks	CRUD	R	CRUD	R	R	R
events	CRU	CRU	CRU	—	R	CRU
FC aliases	CRUD	R	R	R	CRUD	R
FC device managers	CRUD	R	R	R	CRUD	R
FC endpoints	R	R	R	R	R	R
FC networks	CRUD	R	CRUD	R	R	R
FCOE networks	CRUD, Use	R	CRUD, Use	R	R	R
FC ports	R	R	R	R	R	R
FC providers	R	R	R	R	R	R
FC SANs	CRUD	R	R	R	CRUD	R
FC SAN services	CRUD	R	R	R	CRUD	R
FC switches	R	R	R	R	R	R
FC tasks	R	R	R	R	R	R
FC zones	CRUD	R	R	R	CRUD	R
firmware drivers	CRUD	CRUD	CRUD	R	R	R
global settings	CRUD	CRUD	CRUD	R	CRUD	CRUD
grouptorole mappings	CRUD	—	—	—	R	—
hosts	CRUD	R	R	R	R	—
host clusters	CRUD	R	R	R	R	—
ID range ipv4	CRUD	RU	CRUD	R	R	R
ID range ipv4 subnet	CRUD	RU	CRUD	R	R	R
ID range vmacs (MAC addresses)	CRUD	R	CRU	R	R	R
ID range vsns (serial numbers)	CRUD	CRU	R	R	R	R
ID range vwwns (World Wide Names)	CRUD	R	CRU	R	R	R
infrastructure vms	CRUD	CRUD	R	R	R	R
integrated tools	CRUD	R	R	R	R	R
interconnects	CRUD	CR	CRUD	R	R	R
interconnect types	R, Use	R	CRUD	R	R	R
labels	CRUD	CRUD	CRUD	R	CRUD	CRUD
licenses	CRUD	CR	R	R	R	R
logical downlinks	R	R	R	R	R	R
logical enclosures	CRUD, Use	CRUD, Use	R, Use	R	R, Use	R, Use
logical interconnects	RU, Use	R, Use	RU, Use	R	R	R
logical interconnects groups	CRUD, Use	R, Use	CRUD, Use	R	R	R
login domains	CRUD	—	—	—	R	R
login sessions	CRUD	RU	RU	RU	RU	—
managed SANs	CRUD, Use	R	R, Use	R	CRUD, Use	—
networks	CRUD, Use	R, Use	CRUD, Use	R	R	—
network sets	CRUD, Use	CRUD¹	CRUD	R	R	R
notifications	CRUD	CRD	CRD	R	R	—
organizations	CRUD	—	—	—	R	—
ports	RU, Use	—	RU, Use	—	R	R
power devices	CRUD	CRUD	R	R	R	R
racks	CRUD	CRUD	R	R	R	R
reports	R	R	R	R	R	R
repository manager	CRUD	CRUD	CRUD	R	R	R
restores	CRUD	—	—	—	—	—
roles	CRUD	—	—	—	—	—
SANS	CRUD, Use	R	R	R	CRUD, Use	—
SAN manager	CRUD, Use	R	R	R	CRUD, Use	—
scopes	CRUD, Use	R	R	R	R	R
server hardware	CRUD, Use	CRUD, Use	R	R	R	R
server hardware firmware inventory	R	R	R	R	R	R
server hardware types	CRUD, Use	CRUD, Use	R	R	R	R
server profiles	CRUD	CRUD	R	R	R	R
server profile templates	CRUD, Use	CRUD, Use	—	R	R	R
storage pools	RU	R	R	R	RU	R
storage systems	CRUD	R	R	R	CRUD	R
storage target ports	CRUD	R	R	R	CRUD	R
storage volumes	CRUD	CRUD	R	R	CRUD	R
storage volume attachments	CRUD	CRUD	R	R	CRUD	R
storage volumes templates	CRUD	R	R	R	CRUD	R
storage volume sets	R	R	R	R	R	R
support	CRUD, Use	R, Use	R	R	R, Use	R, Use
tasks	R	R	R	R	R	R
trap forwarding	RU	R	R	R	R	R
unmanaged devices	CRUD	CRUD	R	R	R	R
update	R	—	—	—	—	—
uplink sets	CRUD	R	CRUD	R	R	R
users	CRUD	—	—	—	—	—
user preferences	CRUD	—	—	—	—	—

Server administrators cannot edit bandwidths.

Category	Action privileges for specialized user roles IA=Infrastructure administrator, admin=administrator (C=Create, R=Read, U=Update, D=Delete, Use)
Category	Read only	Scope admin	Scope operator	Server firmware operator	Server profile architect	Server profile admin	Server profile operator
activities	R	R	R	R	R	R	R
alerts	R	R	R	R	R	R	R
appliance	R	R	R	R	R	R	R
audit logs	—	—	—	—	—	—	—
backups	R	R	R	R	R	R	R
certificates	R	R	R	R	R	R	R
community string	—	—	—	—	—	—	—
connections	R	R	R	R	R	R	R
connection templates	R	R	R	R	R	R	R
console users	—	—	—	—	—	—	—
data centers	R	R	R	R	R	R	R
debug logs	R	R	R	R	R	R	R
device bays	R	R	R	R	R	R	R
domains	R	R	R	R	R	R	R
enclosures	R	R, Use	R, Use	R	R, Use	R, Use	R, Use
enclosure groups	R	R, Use	R	R	R	R, Use	R, Use
enclosure types
Ethernet networks	R	R, Use	R, Use	R	R, Use	R, Use	R, Use
events	R	R	R	R	R	R	R
FC aliases	R	R	R	R	R	R	R
FC device managers	R	R	R	R	R	R	R
FC endpoints	R	R	R	R	R	R	R
FC networks	R	R, Use	R, Use	R	R, Use	R, Use	R, Use
FCOE networks	R	R, Use	R, Use	R	R, Use	R, Use	R, Use
FC ports	R	R	R	R	R	R	R
FC providers	R	R	R	R	R	R	R
FC SANs	R	R	R	R	R	R	R
FC SAN services	R	R	R	R	R	R	R
FC switches	R	R	R	R	R	R	R
FC tasks	R	R	R	R	R	R	R
FC zones	R	R	R	R	R	R	R
firmware drivers	R	R, Use	R, Use	R	R, Use	R, Use	R, Use
global settings	R	R	R	R	R	R	R
grouptorole mappings	R	R	R	R	R	R	R
hosts	R	R	R	R	R	R	R
ID range vmacs (MAC addresses)	R	R	R	R	R	R	R
ID range vsns (serial numbers)	R	R	R	R	R	R	R
ID range vwwn (World Wide Names)	R	R	R	R	R	R	R
infrastructure vms	R	R	R	R	R	R	R
integrated tools	R	R	R	R	R	R	R
interconnects	R	R, Use	R, Use	R	R	R	R
interconnect types	R	R	R	R	R	R	R
labels	R	R	R	R	CRUD	CRUD	CRUD
licenses	R	R	R	R	R	R	R
logical downlinks	R	R	R	R	R	R	R
logical enclosures	R	R, Use	R, Use	R	R	R	R
logical interconnects	R	R, Use	R, Use	R	R	R	R
logical interconnect groups	R	R, Use	R, Use	R	R, Use	R, Use	R
login domains	R	R	R	R	R	R	R
login sessions	RU	R	R	R	RU	RU	RU
managed SANs	R	—	—	R	R	R	R
networks	R	R	R	R	R	R	R
network sets	R	R, Use	R, Use	R	CRUD, Use	CRUD, Use	R, Use
notifications	R	R	R	R	R	R	R
organizations	R	R	R	R	R	R	R
ports	—	R		—	—	—	—
power devices	R	R	R	R	R	R	R
racks	R	R	R	RU, Use	R	R	R
reports	R	R	R	R	R	R	R
repository manager	—	R	R	R	R	R	R
restores	R	R	R	R	R	R	R
roles	R	R	R	R	R	R	R
SANs	R	—	—	R	R	R	R
SAN manager	R	—	—	R	R	R	R
scopes	R	CRUD	RU	R	R	R	R
server hardware	R	R, Use	R, Use	RU, Use	RU, Use	RU, Use	RU, Use
server hardware firmware inventory	R	R	R	R	R	R	R
server hardware types	R	R	R	R	R	R	R
server profiles	R	R, Use	R, Use	RU¹	CRUD	CRUD	RU, Use
server profile templates	R	R	R	R	CRUD, Use	R, Use	R
storage pools	R	R, Use	R, Use	R	R, Use	R, Use	R, Use
storage systems	R	R	R	R	R	R	R
storage target ports	R	R	R	R	R	R	R
storage volumes	R	R, Use	R, Use	R	CRUD, Use	CRUD, Use	R, Use
storage volume attachments	R	R	R	R	R	R	R
storage volume templates	R	R, Use	R, Use	R	R, Use	R, Use	R, Use
support	—	R	R	R	R	R	R
tasks	R	R	R	R	R	R	R
trap forwarding	R	R	R	R	R	R	R
unmanaged devices	R	R	R	R	R	R	R
update	R	R	R	—	R	R	R
uplink sets	R	R	R	R	R	R	R
users	R	R	R	—	R	R	R
user preferences	R	R	R	—	R	R	R

Server firmware operator can only update manageFirmware, firmwareBaseline, forceInstallFirmware, firmwareInstallType, firmwareActivationType and serverHardwareUri attributes.