Managing Administrator Accounts

This chapter describes the two types of administrator accounts in Cisco APIC-EM, their privileges, and how to create these accounts.

Admin User Right Differences

The username and passwords that you configure by using the Cisco APIC-EM configuration wizard are intended to be used for administrative access to the Cisco APIC-EM Grapevine root (Linux) and the Cisco APIC-EM GUI interface.

The administrator that has access to the Cisco APIC-EM Grapevine root is called the Linux admin user. By default, the username for the Linux admin user is 'grapevine' and the password is user-defined during the configuration wizard setup process. There is no default password.

Both the username and password for the Cisco APIC-EM GUI is user-defined during the configuration wizard setup process. There is no default username or password.

The Cisco APIC-EM Linux admin user has different rights and capabilities than the Cisco APIC-EM GUI-based admin user and can perform other administrative tasks.

Tasks Performed by Linux (Grapevine) Admin Users

The following tasks can be performed by the Linux (Grapevine) admin user:

  • Displaying audit and system logs on the Cisco APIC-EM.

  • Reviewing the status of Cisco APIC-EM services on the appliance.

  • Resetting the configuration values back to their original configuration settings.

  • Restoring the Cisco APIC-EM back to the factory default.

  • Creating a support file that you can then email to Cisco support for assistance.

  • Updating or changing your Cisco APIC-EM configuration wizard settings (for example, updating the NTP configuration settings).

GUI-based admin users that are created by using the Cisco APIC-EM user interface cannot automatically log into the Cisco APIC-EM and access the Grapevine root and clients located on the appliance. Only Linux admin users can access the Cisco APIC-EM Grapevine root and clients on the appliance.


Note


See the Cisco Application Policy Infrastructure Controller Enterprise Module Troubleshooting Guide for information about the supported Grapevine root (Linux) commands and accessible logs.


Tasks Performed by GUI Admin Users

The following tasks can be performed by the GUI admin user:

  • Initiate and work with the base applications (Discovery, Inventory, Topology, Path Trace, and EasyQoS) and solution applications (Network PnP and iWAN).

  • Back up and restore the Cisco APIC-EM database and files.

  • Display the service logs on the Cisco APIC-EM.

  • Apply Cisco APIC-EM software patches, maintenance releases, and upgrades.


Note


See the following guides for detailed information about the above supported controller GUI operations:

  • Cisco Application Policy Infrastructure Controller Enterprise Module Deployment Guide

  • Cisco Application Policy Infrastructure Controller Enterprise Module Configuration Guide


Creating GUI Admin Users

For first-time GUI-based access to Cisco APIC-EM system, the administrator username and password is configured during the configuration wizard setup.


Note


You can add GUI admin users through the GUI interface itself. See the Cisco Application Policy Infrastructure Controller Enterprise Module Configuration Guide for more information.