Preventing Root Policy Modification in Cisco UCS Manager

Prevent Modification of Root Policies in Cisco UCS Manager

Question

A Cisco UCS user called 'Employee1' accidentally changed the boot policy of the Cisco UCS server at the Cisco UCS Manager root level.

This change impacted all service profiles, and their storage connectivity was lost.

The system administrator wants to prevent this issue from recurring in the future.

The new security policy mandates that access be restricted up to the organization level and that other users be prevented from modifying root policies.

Which action must be taken to meet these requirements?

Answers

Explanations

A. B. C. D.

A.

https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ucs-manager/GUI-User-Guides/Admin-Management/3-1/b_Cisco_UCS_Admin_Mgmt_Guide_3_1/

The correct answer to prevent a similar issue from occurring in the future is option D, "Define a custom user role and assign it to users."

Explanation:

Cisco UCS Manager provides role-based access control (RBAC) to manage user access and privileges within the system. By defining custom user roles, administrators can control user access to specific resources in the system, which prevents unauthorized or accidental changes to critical policies and configurations.

Option A, "Modify the privilege level assigned to the user," may restrict the user's access to certain resources, but it may not prevent the user from accidentally modifying the root policies if they still have access to those resources. This option also does not prevent other users from modifying root policies.

Option B, "Assign users to a specific Cisco UCS locale," refers to a specific geographic location for a Cisco UCS domain. This option does not prevent users from modifying root policies or restrict user access to specific resources.

Option C, "Assign the user Employee1 the network-operator role," is not a recommended solution because the network-operator role grants limited access to the system, and it may not be sufficient for managing the Cisco UCS server.

Therefore, the best solution is to define a custom user role and assign it to users. This option allows administrators to create a custom role with specific permissions and restrict access to critical policies and configurations. For example, administrators can define a custom role with read-only access to the root policies, preventing accidental changes from users with lower privileges.

In summary, to prevent a similar issue from occurring in the future, administrators should define a custom user role and assign it to users to restrict access to critical policies and configurations.