The role, in combination with the tenant, comprises the authorization settings for an Avi Load Balancer user. When assigned to a user, the role defines the type of access the user has to each area of the NSX Advanced Load Balancer system. Roles provide granular RBAC within Avi Load Balancer.

Access Types

For each Avi Load Balancer resource (object type) and within each group of resources (system area), the user can have the following privileges:

  • Write: The user has full access to create, read, modify, and delete resources.

  • Read: The user can only read the existing configuration of resources. For example, the user can see how a virtual service is configured and view the health and analytics data of the virtual service but is unable to modify the configuration or delete the virtual service.

  • No Access: The user has no access to the resources and cannot even read or list these resources.

  • Assorted: The user has a mixture of the above privileges for different resources within the system area.