To avoid any functional disruption caused by moving an application from one tenant to another and to enhance the existing role framework, starting from NSX Advanced Load Balancer version 20.1.2, labels are used as filters to enforce access control over individual objects. Labels are applied to individual objects to support access control in a decentralized manner.
The bubbles in the image represent different NSX Advanced Load Balancer objects labelled red, blue, green, or yellow.
The user permissions for an NSX Advanced Load Balancer - object at an application level are as follows:
User (Local) has the following permissions:
Write access to the app labelled blue
Read access to the pool in the app prod (labelled yellow)
User (Local) does not have access to the apps labelled green and red