A tenant is an isolated instance of NSX Advanced Load Balancer. Each NSX Advanced Load Balancer user account is associated with one or more tenants.

The tenant associated with a user account defines the resources that the user can access within the NSX Advanced Load Balancer. When a user logs in, the NSX Advanced Load Balancer restricts access to only those resources that are in the same tenant. If a user is associated with multiple tenants, each tenant still isolates the resources that belong to that tenant from the resources in other tenants. To access resources in another tenant, the user must switch the focus of the management session to the other tenant.

Note:

Default Tenant

By default, all resources belong to a single, global tenant, namely, admin. The admin tenant contains all NSX Advanced Load Balancer resources.

The default admin user account belongs to the admin tenant and so, can access all resources.

If no additional tenants are created, all new NSX Advanced Load Balancer user accounts are automatically added to the admin tenant.

Tenant-to-Role Mapping

Within each user account, the role selected for the user is mapped to a tenant. If only one tenant is defined (the default admin tenant), this tenant is automatically mapped to the role selected for the user. It allows the user to access all resources to the extent (write, read, or no access) allowed by their role.

Creating additional tenants allows a user account to have multiple roles. In this case, each role can be mapped individually to a tenant within the user account. Optionally, a single role can be mapped to all tenants.

If a single role is mapped to all tenants, the user can switch the management session to other tenants as needed.

All Tenants View for Super Users

The NSX Advanced Load Balancer user accounts that are enabled for superuser access automatically have access to a special read-only tenant: All Tenants. The All Tenants view provides read-only access to all resources within the NSX Advanced Load Balancer.

The All Tenants View tenant cannot be mapped to any roles within a user account. The All Tenants tenant is automatically made available to all superuser accounts.