Class aaa:Role (CONCRETE)

Class ID:1500
Class Label: Role
Encrypted: false - Exportable: true - Persistent: true - Configurable: true - Subject to Quota: Disabled
Write Access: [aaa, admin]
Read Access: [aaa, admin]
Creatable/Deletable: yes (see Container Mos for details)
Semantic Scope: Fabric
Semantic Scope Evaluation Rule: Parent
Monitoring Policy Source: Parent
Monitoring Flags : [ IsObservable: false, HasStats: false, HasFaults: false, HasHealth: false, HasEventRules: false ]

An AAA role is a set of attributes and privileges that describe what a user is authorized to perform.

Naming Rules
RN FORMAT: role-{name}

    [1] PREFIX=role- PROPERTY = name

DN FORMAT:

    [1] uni/userext/role-{name}

Diagram

Super Mo: aaa:Definition
Container Mos: aaa:UserEp (deletable:yes)


Containers Hierarchies
top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.
 ├ fabric:Topology  The root for IFC topology.
   ├ fabric:Pod  A pod.
     ├ fabric:Node  The root node for the APIC.
       ├ ctx:Local  The local Context.
         ├ ctx:Application  The context application.
           ├ pol:Uni  Represents policy definition/resolution universe.
             ├ aaa:UserEp  A user endpoint is a local user. A user is assigned a role, which determines the user's privileges, and belongs to a security domain, which determines the user's scope of control.
               ├ aaa:Role  An AAA role is a set of attributes and privileges that describe what a user is authorized to perform.

top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.
 ├ pol:Uni  Represents policy definition/resolution universe.
   ├ aaa:UserEp  A user endpoint is a local user. A user is assigned a role, which determines the user's privileges, and belongs to a security domain, which determines the user's scope of control.
     ├ aaa:Role  An AAA role is a set of attributes and privileges that describe what a user is authorized to perform.


Contained Hierarchy
aaa:Role  An AAA role is a set of attributes and privileges that describe what a user is authorized to perform.
 ├ fault:Delegate  Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.


Inheritance
naming:NamedObject  An abstract base class for an object that contains a name.
 ├ pol:Obj  Represents a generic policy object.
   ├ pol:Def  Represents self-contained policy document.
     ├ aaa:Definition  The AAA policy definition. This is an abstract class and cannot be instantiated.
       ├ aaa:Role  An AAA role is a set of attributes and privileges that describe what a user is authorized to perform.


Events
aaa:Role:creation__aaa_Role
aaa:Role:modification__aaa_Role
aaa:Role:deletion__aaa_Role


Faults
                


Fsms
                


Properties Summary
Defined in: aaa:Role
    name  (aaa:Role:name)
        Type: naming:Name  Primitive Type: string:Basic
        Overrides: aaa:Definition:name | pol:Obj:name | naming:NamedObject:name
        The name of the privilege role.
    priv  (aaa:Role:priv)
        Type: aaa:Access  Primitive Type: scalar:Bitmask64
        The privilege(s) assigned to a role.
    resetToFactory  (aaa:Role:resetToFactory)
        Type: aaa:Boolean  Primitive Type: scalar:Enum8
    roleIsBuiltin  (aaa:Role:roleIsBuiltin)
        Type: aaa:Boolean  Primitive Type: scalar:Enum8
Defined in: pol:Def
    descr  (pol:Def:descr)
        Type: naming:Descr  Primitive Type: string:Basic
        Specifies a description of the policy definition.
    ownerKey  (pol:Def:ownerKey)
        Type: naming:Descr  Primitive Type: string:Basic
        The key for enabling clients to own their data for entity correlation.
    ownerTag  (pol:Def:ownerTag)
        Type: naming:Descr  Primitive Type: string:Basic
        A tag for enabling clients to add their own data. For example, to indicate who created this object.
Defined in: naming:NamedObject
    nameAlias  (naming:NamedObject:nameAlias)
        Type: naming:NameAlias  Primitive Type: string:Basic
        NO COMMENTS
Defined in: mo:Resolvable
    lcOwn  (mo:Resolvable:lcOwn)
        Type: mo:Owner  Primitive Type: scalar:Enum8
        A value that indicates how this object was created. For internal use only.
Defined in: mo:TopProps
    childAction  (mo:TopProps:childAction)
        Type: mo:ModificationChildAction  Primitive Type: scalar:Bitmask32
        Delete or ignore. For internal use only.
    dn  (mo:TopProps:dn)
        Type: reference:BinRef
        A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.
    rn  (mo:TopProps:rn)
        Type: reference:BinRN
        Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.
    status  (mo:TopProps:status)
        Type: mo:ModificationStatus  Primitive Type: scalar:Bitmask32
        The upgrade status. This property is for internal use only.
Defined in: mo:Modifiable
    modTs  (mo:Modifiable:modTs)
        Type: mo:TStamp  Primitive Type: scalar:Date
        The time when this object was last modified.
Defined in: mo:Ownable
    uid  (mo:Ownable:uid)
        Type: scalar:Uint16
        A unique identifier for this object.

Properties Detail

childAction

Type: mo:ModificationChildAction
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelChildAction
    Comments:
Delete or ignore. For internal use only.
Constants
deleteAll 16384u deleteAll NO COMMENTS
ignore 4096u ignore NO COMMENTS
deleteNonPresent 8192u deleteNonPresent NO COMMENTS
DEFAULT 0 --- This type is used to





descr

Type: naming:Descr
Primitive Type: string:Basic

Like: naming:Described:descr
Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "128"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+
    Comments:
Specifies a description of the policy definition.



dn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelDn
    Comments:
A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.



lcOwn

Type: mo:Owner
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
A value that indicates how this object was created. For internal use only.
Constants
local 0 Local NO COMMENTS
policy 1 Policy NO COMMENTS
replica 2 Replica NO COMMENTS
resolveOnBehalf 3 ResolvedOnBehalf NO COMMENTS
implicit 4 Implicit NO COMMENTS
DEFAULT local(0) Local NO COMMENTS





modTs

Type: mo:TStamp
Primitive Type: scalar:Date

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The time when this object was last modified.
Constants
never 0ull never NO COMMENTS
DEFAULT never(0ull) never NO COMMENTS





name

Type: naming:Name
Primitive Type: string:Basic

Overrides:aaa:Definition:name  |  pol:Obj:name  |  naming:NamedObject:name
Units: null
Encrypted: false
Naming Property -- [NAMING RULES]
Access: naming
Category: TopLevelRegular
Property Validators:
    Regex: [a-zA-Z][a-zA-Z0-9_.-]{0,31}
    Comments:
The name of the privilege role.



nameAlias

Type: naming:NameAlias
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "63"
        Allowed Chars:
            Regex: [a-zA-Z0-9_.-]+
    Comments:
NO COMMENTS



ownerKey

Type: naming:Descr
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "128"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+
    Comments:
The key for enabling clients to own their data for entity correlation.



ownerTag

Type: naming:Descr
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "64"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+
    Comments:
A tag for enabling clients to add their own data. For example, to indicate who created this object.



priv

Type: aaa:Access
Primitive Type: scalar:Bitmask64

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Comments:
The privilege(s) assigned to a role.
Constants
none 0ull none NO COMMENTS
tenant-epg 1024ull tenant-epg NO COMMENTS
tenant-protocol-util 1048576ull tenant-protocol-util NO COMMENTS
tenant-ext-protocol-mgmt 1073741824ull tenant-ext-protocol-mgmt NO COMMENTS
fabric-protocol-mgmt 1099511627776ull fabric-protocol-mgmt NO COMMENTS
access-protocol-l2 1125899906842624ull access-protocol-l2 NO COMMENTS
nw-svc-devshare 1152921504606846976ull nw-svc-devshare NO COMMENTS
tenant-qos 128ull tenant-qos NO COMMENTS
tenant-protocol-l2 131072ull tenant-protocol-l2 NO COMMENTS
tenant-ext-protocol-l1 134217728ull tenant-ext-protocol-l1 NO COMMENTS
fabric-protocol-l1 137438953472ull fabric-protocol-l1 NO COMMENTS
access-connectivity-mgmt 140737488355328ull access-connectivity-mgmt NO COMMENTS
nw-svc-params 144115188075855872ull nw-svc-params NO COMMENTS
tenant-connectivity-mgmt 16384ull tenant-connectivity-mgmt NO COMMENTS
tenant-ext-connectivity-l3 16777216ull tenant-ext-connectivity-l3 NO COMMENTS
vmm-policy 16ull vmm-policy NO COMMENTS
fabric-connectivity-l3 17179869184ull fabric-connectivity-l3 NO COMMENTS
access-connectivity-l1 17592186044416ull access-connectivity-l1 NO COMMENTS
access-protocol-ops 18014398509481984ull access-protocol-ops NO COMMENTS
admin 1ull admin NO COMMENTS
tenant-connectivity-l1 2048ull tenant-connectivity-l1 NO COMMENTS
tenant-protocol-ops 2097152ull tenant-protocol-ops NO COMMENTS
tenant-ext-protocol-util 2147483648ull tenant-ext-protocol-util NO COMMENTS
fabric-protocol-util 2199023255552ull fabric-protocol-util NO COMMENTS
access-protocol-l3 2251799813685248ull access-protocol-l3 NO COMMENTS
nw-svc-policy 2305843009213693952ull nw-svc-policy NO COMMENTS
tenant-security 256ull tenant-security NO COMMENTS
tenant-protocol-l3 262144ull tenant-protocol-l3 NO COMMENTS
tenant-ext-protocol-l2 268435456ull tenant-ext-protocol-l2 NO COMMENTS
fabric-protocol-l2 274877906944ull fabric-protocol-l2 NO COMMENTS
access-connectivity-util 281474976710656ull access-connectivity-util NO COMMENTS
aaa 2ull aaa NO COMMENTS
tenant-connectivity-util 32768ull tenant-connectivit-util NO COMMENTS
vmm-ep 32ull vmm-ep NO COMMENTS
tenant-ext-connectivity-mgmt 33554432ull tenant-ext-connectivity-mgmt NO COMMENTS
fabric-connectivity-mgmt 34359738368ull fabric-connectivity-mgmt NO COMMENTS
access-connectivity-l2 35184372088832ull access-connectivity-l2 NO COMMENTS
access-equipment 36028797018963968ull access-equipment NO COMMENTS
tenant-connectivity-l2 4096ull tenant-connectivity-l2 NO COMMENTS
tenant-ext-connectivity-l1 4194304ull tenant-ext-connectivity-l1 NO COMMENTS
fabric-connectivity-l1 4294967296ull fabric-connectivity-l1 NO COMMENTS
fabric-protocol-ops 4398046511104ull fabric-protocol-ops NO COMMENTS
access-protocol-mgmt 4503599627370496ull access-protocol-mgmt NO COMMENTS
nw-svc-device 4611686018427387904ull nw-svc-device NO COMMENTS
vmm-connectivity 4ull vmm-connectivity NO COMMENTS
tenant-network-profile 512ull tenant-network-profile NO COMMENTS
tenant-protocol-mgmt 524288ull tenant-protocol-mgmt NO COMMENTS
tenant-ext-protocol-l3 536870912ull tenant-ext-protocol-l3 NO COMMENTS
fabric-protocol-l3 549755813888ull fabric-protocol-l3 NO COMMENTS
access-protocol-l1 562949953421312ull access-protocol-l1 NO COMMENTS
ops 576460752303423488ull ops NO COMMENTS
vmm-protocol-ops 64ull vmm-protocol-ops NO COMMENTS
tenant-protocol-l1 65536ull tenant-protocol-l1 NO COMMENTS
tenant-ext-connectivity-util 67108864ull tenant-ext-connectivity-util NO COMMENTS
fabric-connectivity-util 68719476736ull fabric-connectivity-util NO COMMENTS
access-connectivity-l3 70368744177664ull access-connectivity-l3 NO COMMENTS
access-qos 72057594037927936ull access-qos NO COMMENTS
tenant-connectivity-l3 8192ull tenant-connectivity-l3 NO COMMENTS
tenant-ext-connectivity-l2 8388608ull tenant-ext-connectivity-l2 NO COMMENTS
fabric-connectivity-l2 8589934592ull fabric-connectivity-l2 NO COMMENTS
fabric-equipment 8796093022208ull fabric-equipment NO COMMENTS
vmm-security 8ull vmm-security NO COMMENTS
access-protocol-util 9007199254740992ull access-protocol-util NO COMMENTS
DEFAULT 0 --- NO COMMENTS
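
Added example (not part of the original reference): Python that decodes a numeric priv value with the constants listed above, checks a role name against the aaa:Role:name validator, builds the DN from the naming rule, and flags roles granting aaa or admin, the two privileges listed under Write Access for this class. The function names and the "-" placeholder are assumptions of this example; the page lists no constant for bits 58 and 63.

```python
import re

# Constant names of aaa:Role:priv in bit order (bit 0 = 1ull), transcribed from
# the Constants list above. "-" marks bits 58 and 63, which have no constant there.
PRIV_BITS = """
admin aaa vmm-connectivity vmm-security vmm-policy vmm-ep vmm-protocol-ops
tenant-qos tenant-security tenant-network-profile tenant-epg
tenant-connectivity-l1 tenant-connectivity-l2 tenant-connectivity-l3
tenant-connectivity-mgmt tenant-connectivity-util tenant-protocol-l1
tenant-protocol-l2 tenant-protocol-l3 tenant-protocol-mgmt
tenant-protocol-util tenant-protocol-ops
tenant-ext-connectivity-l1 tenant-ext-connectivity-l2 tenant-ext-connectivity-l3
tenant-ext-connectivity-mgmt tenant-ext-connectivity-util
tenant-ext-protocol-l1 tenant-ext-protocol-l2 tenant-ext-protocol-l3
tenant-ext-protocol-mgmt tenant-ext-protocol-util
fabric-connectivity-l1 fabric-connectivity-l2 fabric-connectivity-l3
fabric-connectivity-mgmt fabric-connectivity-util fabric-protocol-l1
fabric-protocol-l2 fabric-protocol-l3 fabric-protocol-mgmt
fabric-protocol-util fabric-protocol-ops fabric-equipment
access-connectivity-l1 access-connectivity-l2 access-connectivity-l3
access-connectivity-mgmt access-connectivity-util access-protocol-l1
access-protocol-l2 access-protocol-l3 access-protocol-mgmt
access-protocol-util access-protocol-ops access-equipment access-qos
nw-svc-params - ops nw-svc-devshare nw-svc-policy nw-svc-device -
""".split()

NAME_RE = re.compile(r"[a-zA-Z][a-zA-Z0-9_.-]{0,31}")  # aaa:Role:name validator
SENSITIVE = {"admin", "aaa"}  # Write Access privileges of class aaa:Role

def decode_priv(mask):
    """Split a priv value into (constant names, bit numbers with no constant)."""
    if not 0 <= mask < 1 << 64:
        raise ValueError("priv is a scalar:Bitmask64")
    set_bits = [b for b in range(64) if mask >> b & 1]
    names = [PRIV_BITS[b] for b in set_bits if PRIV_BITS[b] != "-"]
    unknown = [b for b in set_bits if PRIV_BITS[b] == "-"]
    return names, unknown

def audit_role(name, mask):
    """Return the role's DN, its decoded privileges and review findings."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"invalid role name: {name!r}")
    names, unknown = decode_priv(mask)
    findings = [f"grants {n}" for n in names if n in SENSITIVE]
    findings += [f"undocumented bit {b} set" for b in unknown]
    return {"dn": f"uni/userext/role-{name}", "priv": names, "findings": findings}
```

A role whose priv includes aaa or admin can modify role objects themselves, so those findings are the ones to review first when checking for least privilege.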





resetToFactory

Type: aaa:Boolean
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Comments:
Constants
no 0 No NO COMMENTS
yes 1 Yes NO COMMENTS
DEFAULT no(0) No NO COMMENTS





rn

Type: reference:BinRN

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRn
    Comments:
Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.



roleIsBuiltin

Type: aaa:Boolean
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Constants
no 0 No NO COMMENTS
yes 1 Yes NO COMMENTS
DEFAULT no(0) No NO COMMENTS





status

Type: mo:ModificationStatus
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelStatus
    Comments:
The upgrade status. This property is for internal use only.
Constants
created 2u created In a setter method: specifies that an object should be created. An error is returned if the object already exists.
In the return value of a setter method: indicates that an object has been created.
modified 4u modified In a setter method: specifies that an object should be modified.
In the return value of a setter method: indicates that an object has been modified.
deleted 8u deleted In a setter method: specifies that an object should be deleted.
In the return value of a setter method: indicates that an object has been deleted.
DEFAULT 0 --- This type controls the life cycle of objects passed in the XML API.

When used in a setter method (such as configConfMo), the ModificationStatus specifies whether an object should be created, modified, deleted or removed.
In the return value of a setter method, the ModificationStatus indicates the actual operation that was performed. For example, the ModificationStatus is set to "created" if the object was created. The ModificationStatus is not set if the object was not created, modified, deleted or removed.

When invoking a setter method, the ModificationStatus is optional:
If a setter method such as configConfMo is invoked and the ModificationStatus is not set, the system automatically determines if the object should be created or modified.






uid

Type: scalar:Uint16

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
A unique identifier for this object.