UCS Role-based Access Control (RBAC) provides granular control over the user security privileges. Combined with UCS organizations, RBAC delegates and controls the user access privileges according to the role and restricts user access within an organization boundary defined for the tenant in case of multitenancy.

Access privileges provide the users the capability to create, modify, or delete a specific type of configuration. UCS provides some predefined roles. Roles are a collection of different privileges. Hence, roles can be assigned to users according to their job requirement. For example, there's a built-in role called "read-only" that provides only read privileges to the user. This role can be assigned to any user to whom you do not want to provide any configuration capability.

In UCS, a user's authentication can be configured from various resources including the following: