Role-based access control (RBAC) helps restrict access to NSX Intelligence features to certain authorized users only.

Because the NSX Intelligence features are accessed using the NSX Manager user interface, the same NSX built-in roles assigned to users are used for the NSX Intelligence RBAC and each role has specific permissions. For information on how to assign roles to users, see the NSX Administration Guide.

To view the NSX built-in roles, navigate to System > User Management > Roles.

Roles and Permissions

The following are the types of permissions enforced in the NSX Intelligence features. Included in the list are the abbreviations for the permissions that are used in the NSX Intelligence Roles and Permissions table.

  • Full access (FA) - For recommendations, full access include the ability to read, start, rerun, update, delete, and publish recommendations.

  • Execute (E)

  • Read (R)

  • None

The NSX Intelligence feature recognizes the following built-in roles. You cannot add any new roles because custom RBAC roles do not support NSX Intelligence features. Also included in the list are the abbreviations for the roles that are used in the NSX Intelligence Roles and Permissions table.

  • Auditor (A)

  • Enterprise Admin (EA)

  • GI (Guest Introspection) Partner Admin (GIA)

  • LB (Load Balancer) Admin (LBA)

  • LB Operator (LBO)

  • NETX (Network Introspection) Partner Admin (NIA)

  • Network Admin (NA)

  • Network Operator (NO)

  • Security Admin (SA)

  • Security Operator (SO)

  • Support Bundle Collector (SBC)

  • VPN Admin (VPNA)

The following table shows the permissions that each built-in role has for the different NSX Intelligence operations.

Table 1. NSX Intelligence Roles and Permissions

Operation

EA

A

SA

SO

NA

NO

SBC

GIA

NIA

LBA

LBO

VPNA

Activate the NSX Intelligence feature on the NSX Application Platform.

FA

R

R

R

None

None

None

None

None

None

None

None

Configure NSX Intelligence data collection settings on hosts or cluster of hosts using System > NSX Intelligence

FA

R

FA

R

None

None

None

None

None

None

None

None

Work with the Security > Suspicious Traffic > Events dashboard. FA R FA R None None None None None None None None
Configure the detectors in Security > Suspicious Traffic > Detector Definitions. FA R FA R None None None None None None None None

Visualization of traffic flows using Plan & Troubleshoot > Discover & Take Action.

FA

R

R

R

R

R

None

None

None

None

None

None

Work with NSX Intelligence recommendations (including exporting to a JSON or a CSV file) using Plan & Troubleshoot > Recommendations.

FA

R

FA

R

None

None

None

None

None

None

None

None

Work with NSX Intelligence compute entity infrastructure classifications using Plan & Troubleshoot > Configurations > Classifications tab or using the Workload Type section of the VM or Physical Server Information dialog box. FA R FA R None None None None None None None None
Create and administer NSX Intelligence labels using the Computes view in the Plan & Troubleshoot > Discover & Take Action > page. FA R FA FA FA FA None None None None None None
Create and assign NSX tags to VMs using the Plan & Troubleshoot > Discover & Take Action > page. FA R FA R R R None None None None None None

Generate a support bundle using System > Support Bundle.

FA

R

None

None

None

None

FA

None

None

None

None

None

Upgrade the NSX Intelligence feature using the NSX Application Platform.

FA

R

None

None

None

None

None

None

None

None

None

None

Search for flows using the Search bar.

FA

R

R

R

R

R

None

None

None

None

None

None

Search for recommendation using the Search bar.

FA

R

R

R

None

None

None

None

None

None

None

None