A user’s role defines the actions the user is allowed to perform on a given resource. The role determines the user’s authorized activities on the given resource, ensuring that a user has access only to the functions necessary to complete applicable operations. This allows domain control over specific resources, or system-wide control if your right has no restrictions.

The following rules are enforced:

  • A user can have only one role.

  • You cannot add a role to a user or remove an assigned role from a user. You can, however, change the assigned role for a user.

Table 1. NSX Manager User Roles

Right

Permissions

Enterprise Administrator

NSX operations and security.

NSX Administrator

NSX operations only: for example, install virtual appliances, configure port groups.

Security Administrator

NSX security only: for example, define distributed firewall rules, configure NAT and load balancer services.

Auditor

Read only.

The Enterprise Administrator and NSX Administrator roles can be assigned only to vCenter users.