With role-based access control (RBAC), you can restrict system access to authorized users. Users are assigned roles and each role has specific permissions.

There are four types of permissions:

  • Full access

  • Execute

  • Read

  • None

Full access gives the user all permissions. The execute permission includes the read permission.

NSX-T has the following built-in roles. You cannot add any new roles.

  • Enterprise Administrator

  • Auditor

  • Network Engineer

  • Network Operations

  • Security Engineer

  • Security Operations

  • Cloud Service Administrator

  • Cloud Service Auditor

Roles and Permissions

Table 1 shows the permissions each role has for different operations. The following abbreviations are used:

  • EA - Enterprise Administrator

  • A - Auditor

  • NE - Network Engineer

  • NO - Network Operations

  • SE - Security Engineer

  • SO - Security Operations

  • CSAdm - Cloud Service Administrator

  • CSAud - Cloud Service Auditor

  • FA - Full access

  • E - Execute

  • R - Read

Table 1. Roles and Permissions

| Operation | EA | A | NE | NO | SE | SO | CSAdm | CSAud |
|---|---|---|---|---|---|---|---|---|
| Tools > Port Connection | E | R | E | E | E | E | E | R |
| Tools > Traceflow | E | R | E | E | E | E | E | R |
| Tools > Port Mirroring | FA | R | FA | FA | FA | FA | FA | R |
| Tools > IPFIX | FA | R | FA | R | FA | R | FA | R |
| Firewall | FA | R | FA | R | FA | R | FA | R |
| Encryption | FA | R | FA | R | FA | FA | None | None |
| Routing > Routers | FA | R | FA | R | R | R | FA | R |
| Routing > NAT | FA | R | FA | R | FA | R | FA | R |
| DDI > DHCP > Server Profiles | FA | R | FA | R | FA | None | FA | R |
| DDI > DHCP > Servers | FA | R | FA | R | FA | None | FA | R |
| DDI > DHCP > Relay Profiles | FA | R | FA | R | FA | None | FA | R |
| DDI > DHCP > Relay Services | FA | R | FA | R | FA | None | FA | R |
| DDI > DHCP > Metadata Proxies | FA | R | FA | R | FA | None | None | None |
| DDI > IPAM | FA | R | FA | R | FA | None | None | None |
| Switching > Switches | FA | R | FA | FA | R | R | FA | R |
| Switching > Ports | FA | R | FA | FA | R | R | FA | R |
| Switching > Switching Profiles | FA | R | FA | FA | FA | FA | FA | R |
| Fabric > Nodes > Hosts | FA | R | R | R | R | R | R | R |
| Fabric > Nodes > Edges | FA | R | FA | R | R | R | R | R |
| Fabric > Nodes > Edge Clusters | FA | R | FA | R | R | R | R | R |
| Fabric > Nodes > Bridges | FA | R | FA | R | R | R | None | None |
| Fabric > Nodes > Transport Nodes | FA | R | R | R | R | R | R | R |
| Fabric > Profiles > Uplink Profiles | FA | R | R | R | R | R | R | R |
| Fabric > Profiles > Edge Cluster Profiles | FA | R | FA | R | R | R | R | R |
| Fabric > Profiles > Configuration | FA | R | None | None | None | None | R | R |
| Fabric > Transport Zones | FA | R | R | R | R | R | R | R |
| Fabric > Compute Managers | FA | R | R | R | R | R | R | R |
| System > Trust | FA | R | None | None | FA | R | None | None |
| System > Configuration | E | R | R | R | R | R | None | None |
| System > Utilities > Support Bundle | FA | R | R | R | R | R | R | R |
| System > Utilities > Backup | FA | R | None | None | None | None | None | None |
| System > Utilities > Restore | FA | R | None | None | None | None | None | None |
| System > Utilities > Upgrade | FA | R | R | R | R | R | None | None |
| System > Users > Role Assignments | FA | R | None | None | None | None | None | None |
| System > Users > Configuration | FA | R | None | None | None | None | None | None |
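Because no new roles can be added, an access review comes down to picking the built-in role that covers a user's tasks with the least extra access. The following is an added example, not VMware code: it encodes the permission ordering stated above (FA covers E, E covers R) over a subset of Table 1 rows. The function names and the scoring heuristic are assumptions made for illustration.

```python
# Permission ordering as stated on this page: FA > E > R > None.
LEVEL = {"None": 0, "R": 1, "E": 2, "FA": 3}
ROLES = ["EA", "A", "NE", "NO", "SE", "SO", "CSAdm", "CSAud"]

# Subset of rows copied from Table 1; column order matches ROLES.
TABLE = {
    "Firewall":                    "FA R FA R FA R FA R",
    "Encryption":                  "FA R FA R FA FA None None",
    "Routing > Routers":           "FA R FA R R R FA R",
    "Switching > Switches":        "FA R FA FA R R FA R",
    "System > Trust":              "FA R None None FA R None None",
    "System > Utilities > Backup": "FA R None None None None None None",
}
MATRIX = {op: dict(zip(ROLES, row.split())) for op, row in TABLE.items()}


def allows(role, operation, needed):
    """True if the level granted to the role covers the needed level."""
    return LEVEL[MATRIX[operation][role]] >= LEVEL[needed]


def least_privileged_roles(requirements):
    """Rank the roles that satisfy every {operation: level} requirement.

    Heuristic (an assumption of this example): a role's score is the sum
    of its levels over all rows in MATRIX, so a lower score means less
    standing access beyond what was requested.
    """
    candidates = []
    for role in ROLES:
        if all(allows(role, op, lvl) for op, lvl in requirements.items()):
            score = sum(LEVEL[MATRIX[op][role]] for op in MATRIX)
            candidates.append((score, role))
    return [role for _, role in sorted(candidates)]


if __name__ == "__main__":
    # A user who edits firewall rules and only needs to view routers.
    print(least_privileged_roles({"Firewall": "FA", "Routing > Routers": "R"}))
```

An empty result means no built-in role covers the request, which usually signals that the task set should be split across users rather than granting Enterprise Administrator.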