A user’s role defines the actions the user is allowed to perform on a given resource. The role determines the user’s authorized activities on the given resource, ensuring that a user has access only to the functions necessary to complete applicable operations. This allows domain control over specific resources, or system-wide control if your right has no restrictions.

The following rules are enforced:

  • A user can have only one role.
  • You cannot add a role to a user or remove an assigned role from a user. You can, however, change the assigned role for a user.
Table 1. NSX Manager User Roles
Right Permissions
Enterprise Administrator NSX operations and security.
NSX Administrator NSX operations only: for example, install virtual appliances, configure port groups.
Security Administrator NSX security only: for example, define distributed firewall rules, configure NAT and load balancer services.
Auditor Read only.

The Enterprise Administrator and NSX Administrator roles can be assigned only to vCenter users.