Role-based access control (RBAC) helps restrict access to NSX Intelligence features to certain authorized users only.

Because NSX Intelligence features are accessed using the NSX Manager user interface, the same NSX-T Data Center built-in roles assigned to users are used for NSX Intelligence RBAC and each role has specific permissions. For information on how to assign roles to users, see the NSX-T Data Center Administration Guide.

To view the NSX-T Data Center built-in roles, navigate to System > Users and Roles > Roles.

After an Active Directory (AD) user is assigned a role, if the user name is changed on the AD server, you must assign the role again using the new user name.

Roles and Permissions

The following are the types of permissions in NSX Intelligence. Included in the list are the abbreviations for the permissions that are used in the NSX Intelligence Roles and Permissions table.
  • Full access (FA) - For recommendations, full access include the ability to read, start, rerun, update, delete, and publish recommendations.
  • Execute (E)
  • Read (R)
  • None
NSX Intelligence recognizes the following built-in roles. You cannot add any new roles. Also included in the list are the abbreviations for the roles that are used in the NSX Intelligence Roles and Permissions table.
  • Enterprise Administrator (EA)
  • Auditor (A)
  • Security Engineer (SE)
  • Security Operator (SO)
  • Network Engineer (NE)
  • Network Operator (NO)
  • Guest Introspection (GI) Partner Administrator (GI Adm)
  • Network Introspection (NETX) Partner Administrator (NI Adm)
  • Load Balancer Administrator (LB Adm)
  • Load Balancer Auditor (LB Aud)
  • VPN Administrator (VPN Adm)

The following table shows the permissions that each built-in role has for the different NSX Intelligence operations.

Table 1. NSX Intelligence Roles and Permissions
Operation EA A SE SO NE NO GI Adm NI Adm LB Adm LB Aud VPN Adm
Deploy the NSX Intelligence appliance using System > Appliances > Add NSX Intelligence Appliance. FA R R R R R None None None None None
Back up or restore the NSX Intelligence appliance using System > Backup & Restore. FA R None None None None None None None None None
Generate a support bundle using System > Support Bundle. FA R None None None None None None None None None
Upgrade the NSX Intelligence appliance using System > Upgrade or using the CLI. FA R None None None None None None None None None
Start/stop the data collection on transport nodes using System > Appliances > NSX Intelligence Appliance > Actions > Stop / Start Collecting Data FA R R R R R None None None None None
Visualization of traffic flows using Plan & Troubleshoot > Discover & Take Action. FA R R R R R None None None None None
Work with recommendations using Plan & Troubleshoot > Recommendations . FA R FA R None None None None None None None
Manage the alarm definitions and alarm states using Home > Alarms FA R None None None None None None None None None
Search for flows using the Search bar FA R R R R R None None None None None
Search for recommendation using the Search bar FA R R R None None None None None None None