Extend the RBAC capabilities provided by NSX-T Data Center and create custom roles that suit your operational requirements. You can clone an existing role and customize it or you can create a role afresh. Starting in NSX-T Data Center 3.1.1, you can also edit and delete user-created roles.
- You can create custom roles only for features available in the Policy mode. If you clone a role with access to features in the Manager mode, the cloned role provides access only to the Policy mode features. For example, features like Upgrade, Migrate, Fabric, TraceFlow, NSX Intelligence, and Inventory of Physical Servers and Containers are only available in Manager mode and therefore not supported. Most features are supported. The unsupported features for users with a custom role include:
- Only an Enterprise Administrator can assign the role management feature's permission to a custom role. An Enterprise Administrator can create a custom role to delegate further custom role creation and user role assignment.
- A user assigned with a custom role can only create other custom roles with equal or lower permission sets. A user with a custom role cannot create or assign roles with permissions higher than their own.
- A user assigned with a custom role cannot modify or delete the role assigned to them.
Note: Custom roles are not supported on Global Manager (Federation).