Grant users in your organization an NSX service role to allow them to view or configure NSX features in the SDDC.
Unlike organization roles, which specify the privileges that an organization member has over organization assets, service roles specify the privileges that an organization member has when accessing VMware Cloud Services that the organization uses. All service roles can be assigned and changed by an organization owner. When multiple roles are assigned to an organization member, the effective access granted is based on the union of the rights on all assigned roles. For more about service roles available in VMware Cloud on AWS, see Assign a VMware Cloud on AWS Service Role to an Organization Member in VMware Cloud on AWS Getting Started.
- NSX Cloud Admin
- This role can perform all tasks related to deployment and administration of the NSX service.
- NSX Cloud Auditor
- This role can view NSX service settings and events but cannot make any changes to the service.
- NSX Security Admin
- This role can perform all tasks accessible from the NSX Security tab. This role cannot make role assignments.
- NSX Security Auditor
- This role can view but not modify settings accessible from the NSX Security tab.
- NSX Network Admin
- This role can perform all tasks accessible from the NSX Networking tab. This role cannot make role assignments.
- NSX Network Auditor
- This role can view but not modify settings accessible from the NSX Networking tab.
Task | NSX Cloud Admin | NSX Cloud Auditor | NSX Security Admin | NSX Security Auditor | NSX Network Admin | NSX Network Auditor |
---|---|---|---|---|---|---|
Open NSX Manager | YES | YES | YES | YES | YES | YES |
Activate NSX Advanced Firewall | YES | No | YES | No | YES | No |
View SDDC Networking & Security tab | YES | YES | YES | YES | YES | YES |
Edit NSX Default Access | YES | No | YES | No | YES | No |
Prerequisites
You must be an Organization Owner to assign a service role to an organization member.
Procedure
What to do next
Ensure that any users whose roles have been changed log out of VMware Cloud Services and log back in so that the changes take effect.