Role-based access control (RBAC) helps restrict access to NSX Intelligence features to certain authorized users only.
Because the NSX Intelligence features are accessed using the NSX Manager user interface, the same NSX built-in roles assigned to users are used for the NSX Intelligence RBAC and each role has specific permissions. For information on how to assign roles to users, see the NSX Administration Guide.
To view the NSX built-in roles, navigate to .
Roles and Permissions
The following are the types of permissions enforced in the NSX Intelligence features. Included in the list are the abbreviations for the permissions that are used in the NSX Intelligence Roles and Permissions table.
Full access (FA) - For recommendations, full access include the ability to read, start, rerun, update, delete, and publish recommendations.
Execute (E)
Read (R)
None
The NSX Intelligence feature recognizes the following built-in roles. You cannot add any new roles because custom RBAC roles do not support NSX Intelligence features. Also included in the list are the abbreviations for the roles that are used in the NSX Intelligence Roles and Permissions table.
Auditor (A)
-
Enterprise Admin (EA)
-
GI (Guest Introspection) Partner Admin (GIA)
-
LB (Load Balancer) Admin (LBA)
-
LB Operator (LBO)
-
NETX (Network Introspection) Partner Admin (NIA)
Network Admin (NA)
Network Operator (NO)
Security Admin (SA)
-
Security Operator (SO)
-
Support Bundle Collector (SBC)
VPN Admin (VPNA)
The following table shows the permissions that each built-in role has for the different NSX Intelligence operations.
Operation |
EA |
A |
SA |
SO |
NA |
NO |
SBC |
GIA |
NIA |
LBA |
LBO |
VPNA |
---|---|---|---|---|---|---|---|---|---|---|---|---|
Activate the NSX Intelligence feature on the NSX Application Platform. |
FA |
R |
R |
R |
None |
None |
None |
None |
None |
None |
None |
None |
Configure NSX Intelligence data collection settings on hosts or cluster of hosts using |
FA |
R |
FA |
R |
None |
None |
None |
None |
None |
None |
None |
None |
Work with the | dashboard.FA | R | FA | R | None | None | None | None | None | None | None | None |
Configure the detectors in | .FA | R | FA | R | None | None | None | None | None | None | None | None |
Visualization of traffic flows using . |
FA |
R |
R |
R |
R |
R |
None |
None |
None |
None |
None |
None |
Work with NSX Intelligence recommendations (including exporting to a JSON or a CSV file) using . |
FA |
R |
FA |
R |
None |
None |
None |
None |
None |
None |
None |
None |
Work with NSX Intelligence compute entity infrastructure classifications using tab or using the Workload Type section of the VM or Physical Server Information dialog box. | FA | R | FA | R | None | None | None | None | None | None | None | None |
Create and administer NSX Intelligence labels using the Computes view in the page. | FA | R | FA | FA | FA | FA | None | None | None | None | None | None |
Create and assign NSX tags to VMs using the page. | FA | R | FA | R | R | R | None | None | None | None | None | None |
Generate a support bundle using . |
FA |
R |
None |
None |
None |
None |
FA |
None |
None |
None |
None |
None |
Upgrade the NSX Intelligence feature using the NSX Application Platform. |
FA |
R |
None |
None |
None |
None |
None |
None |
None |
None |
None |
None |
Search for flows using the Search bar. |
FA |
R |
R |
R |
R |
R |
None |
None |
None |
None |
None |
None |
Search for recommendation using the Search bar. |
FA |
R |
R |
R |
None |
None |
None |
None |
None |
None |
None |
None |