Grant users in your organization an NSX service role to allow them to view or configure NSX features in the SDDC.
Unlike organization roles, which specify the privileges that an organization member has over organization assets, service roles specify the privileges that an organization member has when accessing VMware Cloud Services that the organization uses. All service roles can be assigned and changed by an organization owner. When multiple roles are assigned to an organization member, the effective access granted is based on the union of the rights on all assigned roles. For more about service roles available in VMware Cloud on AWS, see Assign a VMware Cloud on AWS Service Role to an Organization Member in VMware Cloud on AWS Getting Started.
- NSX Cloud Admin
  - This role can perform all tasks related to deployment and administration of the NSX service.
- NSX Cloud Auditor
  - This role can view NSX service settings and events but cannot make any changes to the service.
- NSX Security Admin
  - This role can perform all tasks accessible from the NSX Security tab. This role cannot make role assignments.
- NSX Security Auditor
  - This role can view but not modify settings accessible from the NSX Security tab.
- NSX Network Admin
  - This role can perform all tasks accessible from the NSX Networking tab. This role cannot make role assignments.
- NSX Network Auditor
  - This role can view but not modify settings accessible from the NSX Networking tab.
| Task | NSX Cloud Admin | NSX Cloud Auditor | NSX Security Admin | NSX Security Auditor | NSX Network Admin | NSX Network Auditor |
|---|---|---|---|---|---|---|
| Open NSX Manager | Yes | Yes | Yes | Yes | Yes | Yes |
| Activate NSX Advanced Firewall | Yes | No | Yes | No | Yes | No |
| View SDDC Networking & Security tab | Yes | Yes | Yes | Yes | Yes | Yes |
| Edit NSX Default Access | Yes | No | Yes | No | Yes | No |
You must be an Organization Owner to assign a service role to an organization member.
- Log in to the VMware Cloud Console at https://vmc.vmware.com.
- Click the services icon and select Identity & Access Management.
- Select a user and click Edit Roles.
- Select the VMware Cloud on AWS service name under Assign Service Roles.
- Select an NSX service role to assign.
  When multiple service roles are assigned to an organization user, permissions are granted for the most permissive role. For example, an organization member who has both the NSX Cloud Admin and NSX Cloud Auditor roles is granted all the NSX Cloud Admin permissions, which include those granted to the NSX Cloud Auditor role.
- Click SAVE to save your changes.
What to do next
Ensure that any users whose roles have been changed log out of VMware Cloud Services and log back in so that the changes take effect.
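
Because effective access is the union of all assigned roles, a periodic access review should look at the combined result for each user rather than at individual roles. The following Python script is an added example, not VMware tooling: it applies the union rule to the task table above, lists which change-capable tasks each user ends up with, and flags Auditor roles that add nothing next to the matching Admin role. The user names and the shape of the assignment data are constructed, and the Admin/Auditor pairing check is an assumption drawn from the role descriptions.

```python
# Added example: access review over NSX service role assignments.
# ROLES and MATRIX are copied from the task table on this page.
ROLES = ["NSX Cloud Admin", "NSX Cloud Auditor", "NSX Security Admin",
         "NSX Security Auditor", "NSX Network Admin", "NSX Network Auditor"]
MATRIX = {  # task -> one flag per role, in ROLES order (1 = Yes, 0 = No)
    "Open NSX Manager":                    [1, 1, 1, 1, 1, 1],
    "Activate NSX Advanced Firewall":      [1, 0, 1, 0, 1, 0],
    "View SDDC Networking & Security tab": [1, 1, 1, 1, 1, 1],
    "Edit NSX Default Access":             [1, 0, 1, 0, 1, 0],
}
# Tasks in the table that change configuration rather than view it.
CHANGE_TASKS = {"Activate NSX Advanced Firewall", "Edit NSX Default Access"}

def effective_tasks(roles):
    """Union of the rights of all assigned roles, as the page describes."""
    unknown = sorted(set(roles) - set(ROLES))
    if unknown:
        raise ValueError(f"unknown role(s): {unknown}")
    held = {ROLES.index(r) for r in roles}
    return {task for task, row in MATRIX.items() if any(row[i] for i in held)}

def shadowed_auditor_roles(roles):
    """Auditor roles held together with the Admin role of the same scope.
    Assumption: each Admin role covers its Auditor counterpart (stated on the
    page for NSX Cloud Admin, inferred from the descriptions for the others)."""
    held = set(roles)
    return sorted(r for r in held if r.endswith(" Auditor")
                  and r[:-len("Auditor")] + "Admin" in held)

def review(assignments):
    """Per user: change tasks they can perform and roles that add nothing."""
    return {user: {"can_change": sorted(effective_tasks(roles) & CHANGE_TASKS),
                   "shadowed": shadowed_auditor_roles(roles)}
            for user, roles in assignments.items()}

# Constructed sample data; real assignments come from Identity & Access Management.
SAMPLE = {
    "alice@example.com": ["NSX Cloud Admin", "NSX Cloud Auditor"],
    "bob@example.com": ["NSX Security Auditor", "NSX Network Auditor"],
    "carol@example.com": ["NSX Network Auditor", "NSX Security Admin"],
}

if __name__ == "__main__":
    for user, result in review(SAMPLE).items():
        print(user, result)
```

In the sample, carol holds one Auditor and one Admin role in different scopes, so nothing is shadowed, yet the union still gives her both change-capable tasks.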