Role-based access control (RBAC) helps restrict access to NSX Intelligence features to certain authorized users only.

Because the NSX Intelligence features are accessed using the NSX Manager user interface, the same NSX-T Data Center built-in roles assigned to users are used for the NSX Intelligence RBAC and each role has specific permissions. For information on how to assign roles to users, see the NSX-T Data Center Administration Guide.

To view the NSX-T Data Center built-in roles, navigate to System > User Management > Roles.

Roles and Permissions

The following are the types of permissions enforced in the NSX Intelligence feature. Included in the list are the abbreviations for the permissions that are used in the NSX Intelligence Roles and Permissions table.

  • Full access (FA) - For recommendations, full access include the ability to read, start, rerun, update, delete, and publish recommendations.

  • Execute (E)

  • Read (R)

  • None

The NSX Intelligence feature recognizes the following built-in roles. You cannot add any new roles because custom RBAC roles do not support NSX Intelligence features. Also included in the list are the abbreviations for the roles that are used in the NSX Intelligence Roles and Permissions table.

  • Auditor (A)

  • Enterprise Admin (EA)

  • GI (Guest Introspection) Partner Admin (GIA)

  • LB (Load Balancer) Admin (LBA)

  • LB Operator (LBO)

  • NETX (Network Introspection) Partner Admin (NIA)

  • Network Admin (NA)

  • Network Operator (NO)

  • Security Admin (SA)

  • Security Operator (SO)

  • Support Bundle Collector (SBC)

  • VPN Admin (VPNA)

The following table shows the permissions that each built-in role has for the different NSX Intelligence operations.

Table 1. NSX Intelligence Roles and Permissions

Operation

EA

A

SA

SO

NA

NO

SBC

GIA

NIA

LBA

LBO

VPNA

Activate the NSX Intelligence feature on the NSX Application Platform.

FA

R

R

R

None

None

None

None

None

None

None

None

Cofigure NSX Intelligence data collection settings on hosts or cluster of hosts using System > NSX Intelligence

FA

R

FA

R

None

None

None

None

None

None

None

None

Work with the Security > Suspicious Traffic > Detection Events dashboard. FA R FA R None None None None None None None None
Configure the detectors in Security > Suspicious Traffic > Detector Definitions. FA R FA R None None None None None None None None

Visualization of traffic flows using Plan & Troubleshoot > Discover & Take Action.

FA

R

R

R

R

R

None

None

None

None

None

None

Work with NSX recommendations using Plan & Troubleshoot > Recommendations.

FA

R

FA

R

None

None

None

None

None

None

None

None

Generate a support bundle using System > Support Bundle.

FA

R

None

None

None

None

FA

None

None

None

None

None

Upgrade the NSX Intelligence feature using the NSX Application Platform.

FA

R

None

None

None

None

None

None

None

None

None

None

Search for flows using the Search bar.

FA

R

R

R

R

R

None

None

None

None

None

None

Search for recommendation using the Search bar.

FA

R

R

R

None

None

None

None

None

None

None

None