Deploying and managing NSX requires specific vCenter permissions. NSX provides a broad set of read and read/write permissions for its various users and roles.

Role Definitions

The available roles are as follows.

roles = system_write, system_urm, super_user, vshield_admin, security_admin, auditor, dlp_svm, epsec_host, enterprise_admin, component_manager_user, replicator

local_user_roles = system_write, system_urm, super_user, security_admin, auditor, dlp_svm, epsec_host, component_manager_user, replicator

system_roles = system_write, system_urm, dlp_svm, epsec_host, replicator

Permission Types

The permission types are read and write.

Role Access Definitions

The role access definition determines whether a role's permission is read or read/write.

super_user.object_permission = read, write

vshield_admin.object_permission = read, write

security_admin.object_permission = read, write

auditor.object_permission = read

system_write.object_permission = read, write

system_urm.object_permission = read

dlp_svm.object_permission = read, write

epsec_host.object_permission = read, write

enterprise_admin.object_permission = read, write

replicator.object_permission = read, write

Root Definitions

The root definition identifies the superuser roles.

super_user.superuser = true

system_write.superuser = true

Object Access Roles for the Global Scope

vshield_admin.object_access_scope.global = true

super_user.object_access_scope.global = true

system_write.object_access_scope.global = true

system_urm.object_access_scope.global = true

dlp_svm.object_access_scope.global = true

epsec_host.object_access_scope.global = true

enterprise_admin.object_access_scope.global = true

Object Access Roles for the Universal Scope

replicator.object_access_scope.universal=true

system_write.object_access_scope.universal=true

Services

The services available in NSX are as follows.

administration, urm, edge, app, namespace, spoofguard, dlp, epsec, library, install, vdn, eam, si, truststore, component_manager, ipam, secfabric, security_policy, messaging, replicator

Feature Definitions

The feature definitions within each service are as follows.

administration.featurelist = administration.configuration, administration.update, administration.system_events, administration.audit_logs, administration.debug

urm.featurelist = urm.user_account_management, urm.object_access_control, urm.feature_access_control

edge.featurelist = edge.system, edge.nat, edge.firewall, edge.dhcp, edge.loadbalancer, edge.vpn, edge.syslog, edge.support, edge.routing, edge.certificate, edge.appliance, edge.highavailability, edge.dns, edge.vnic, edge.ssh, edge.autoplumbing, edge.statistics, edge.bridging, edge.systemcontrol

app.featurelist = app.config, app.firewall, app.flow, app.forcesync, app.syslog, app.techsupport

pgi.featurelist = pgi.switch, pgi.portgroup, pgi.lkm

namespace.featurelist = namespace.config

spoofguard.featurelist = spoofguard.config

dlp.featurelist = dlp.scan_scheduling, dlp.reports, dlp.policy, dlp.svm_interaction

epsec.featurelist = epsec.registration, epsec.health_monitoring, epsec.manager, epsec.policy, epsec.svm_priv, epsec.scan, epsec.reports

library.featurelist = library.grouping, library.host_preparation, library.tagging

install.featurelist = install.app, install.epsec, install.dlp

vdn.featurelist = vdn.config_nsm, vdn.provision

eam.featurelist = eam.install

si.featurelist = si.service, si.serviceprofile

truststore.featurelist = truststore.trustentity_management

component_manager.featurelist = healthstatus

ipam.featurelist = ipam.configuration, ipam.ipallocation

secfabric.featurelist = secfabric.deploy, secfabric.alarms

security_policy.featurelist = security_policy.configuration, security_policy.security_group_binding

blueprint_sam.featurelist = blueprint_sam.reports, blueprint_sam.ad_config, blueprint_sam.control_data_collection, blueprint_sam.techsupport, blueprint_sam.db_maintain

messaging.featurelist = messaging.messaging

replicator.featurelist = replicator.configuration

Feature Access Definitions

For each combination of feature and role, the feature access definition states whether users with that role have read-only or read/write permission.

If a feature and role combination is not listed, users with that role have no access to that feature.

Example:

auditor.app.firewall = read

security_admin.app.firewall = read, write

This means that the auditor role has read-only access to the app.firewall feature, and the security_admin role has read/write access to the app.firewall feature.
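The lookup rules just described, worked as an added Python example (not NSX code): it parses the `key = value` definition format used on this page into a map, treats an unlisted role/feature pair as no access, applies a `secondary.` entry as the override on a secondary node for universal objects, and flags feature-access entries whose feature appears in no featurelist. The sample input is a constructed excerpt of the definitions above; the `secondary_universal` flag and the `ROLE_ATTRIBUTES` set are assumptions of the example.

```python
# Added example (not NSX code): parse this page's `key = v1, v2` definitions and answer access queries.
ROLE_ATTRIBUTES = {"object_permission", "superuser", "object_access_scope"}  # assumed non-feature keys
# Constructed excerpt of the page's definitions, plus one line (auditor.epsec.policy)
# whose feature is deliberately missing from every featurelist.
SAMPLE = """\
roles = super_user, vshield_admin, security_admin, auditor
auditor.object_permission = read
security_admin.object_permission = read, write
app.featurelist = app.config, app.firewall, app.flow
edge.featurelist = edge.system, edge.ssh, edge.routing
auditor.app.firewall = read
security_admin.app.firewall = read, write
vshield_admin.edge.ssh = read, write
security_admin.edge.ssh = read, write
auditor.edge.ssh = read
vshield_admin.edge.routing = read
secondary.vshield_admin.edge.routing = read, write
auditor.epsec.policy = read
"""

def parse_definitions(text):
    """Parse definition lines into {key: set(values)}; other lines are skipped."""
    defs = {}
    for raw in text.splitlines():
        if "=" not in raw:
            continue
        key, _, value = raw.partition("=")
        defs[key.strip()] = {v.strip() for v in value.split(",") if v.strip()}
    return defs

def feature_access(defs, role, feature, secondary_universal=False):
    """Permission set for role on feature; an empty set means no access (unlisted).
    On a secondary node handling a universal object, a `secondary.` entry wins."""
    if secondary_universal and f"secondary.{role}.{feature}" in defs:
        return defs[f"secondary.{role}.{feature}"]
    return defs.get(f"{role}.{feature}", set())

def can_write(defs, role, feature, secondary_universal=False):
    return "write" in feature_access(defs, role, feature, secondary_universal)

def roles_with_write(defs, feature, secondary_universal=False):
    """Roles from the `roles` list that may write the feature, sorted."""
    return sorted(r for r in defs.get("roles", ())
                  if can_write(defs, r, feature, secondary_universal))

def undefined_feature_entries(defs):
    """Feature-access keys naming a feature absent from every `<service>.featurelist`."""
    features = set().union(*(v for k, v in defs.items() if k.endswith(".featurelist")))
    roles = defs.get("roles", set())
    bad = []
    for key in defs:
        parts = key.split(".")
        if parts[0] == "secondary":
            parts = parts[1:]
        if len(parts) < 2 or parts[0] not in roles or parts[1] in ROLE_ATTRIBUTES:
            continue
        if ".".join(parts[1:]) not in features:
            bad.append(key)
    return sorted(bad)
```

Running `undefined_feature_entries` over a full definition set is a quick way to catch a feature-access line that refers to a misspelled or unknown feature before it is relied upon.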

Feature Access Definitions - system_urm

system_urm.urm.user_account_management = read

Feature Access Definitions - vshield_admin

vshield_admin.administration.configuration = read, write

vshield_admin.administration.update = read, write

vshield_admin.administration.system_events = read, write

vshield_admin.administration.audit_logs = read

vshield_admin.urm.user_account_management = read, write

vshield_admin.urm.object_access_control = read

vshield_admin.urm.feature_access_control = read

vshield_admin.edge.system = read, write

vshield_admin.edge.appliance = read, write

vshield_admin.edge.highavailability = read, write

vshield_admin.edge.vnic = read, write

vshield_admin.edge.dns = read

vshield_admin.edge.ssh = read, write

vshield_admin.edge.autoplumbing = read

vshield_admin.edge.statistics = read

vshield_admin.edge.nat = read

vshield_admin.edge.dhcp = read

vshield_admin.edge.loadbalancer = read

vshield_admin.edge.vpn = read

vshield_admin.edge.syslog = read, write

vshield_admin.edge.support = read, write

vshield_admin.edge.routing = read

vshield_admin.edge.firewall = read

vshield_admin.edge.bridging = read

vshield_admin.edge.certificate = read

vshield_admin.edge.systemcontrol = read, write

vshield_admin.library.grouping = read

vshield_admin.app.config = read, write

vshield_admin.app.forcesync = read, write

vshield_admin.app.syslog = read, write

vshield_admin.app.techsupport = read, write

vshield_admin.namespace.config = read, write

vshield_admin.dlp.scan_scheduling = read, write

vshield_admin.epsec.reports = read, write

vshield_admin.epsec.registration = read, write

vshield_admin.epsec.health_monitoring = read

vshield_admin.epsec.policy = read, write

vshield_admin.epsec.scan_scheduling = read, write

vshield_admin.library.host_preparation = read, write

vshield_admin.library.tagging = read

vshield_admin.install.app = read, write

vshield_admin.install.epsec = read, write

vshield_admin.install.dlp = read, write

vshield_admin.vdn.config_nsm = read, write

vshield_admin.vdn.provision = read, write

vshield_admin.eam.install = read, write

vshield_admin.si.service = read, write

vshield_admin.si.serviceprofile = read, write

vshield_admin.truststore.trustentity_management = read, write

vshield_admin.ipam.configuration = read, write

vshield_admin.ipam.ipallocation = read, write

vshield_admin.secfabric.deploy = read, write

vshield_admin.secfabric.alarms = read_write

vshield_admin.blueprint_sam.ad_config = read, write

vshield_admin.blueprint_sam.control_data_collection = read, write

vshield_admin.blueprint_sam.techsupport = read, write

vshield_admin.blueprint_sam.db_maintain = read, write

vshield_admin.messaging.messaging = read, write

vshield_admin.replicator.configuration = read, write

Feature Access Definitions - security_admin

security_admin.administration.system_events = read, write

security_admin.administration.audit_logs = read

security_admin.edge.system = read

security_admin.edge.appliance = read

security_admin.edge.highavailability = read

security_admin.edge.vnic = read, write

security_admin.edge.dns = read, write

security_admin.edge.ssh = read, write

security_admin.edge.autoplumbing = read, write

security_admin.edge.statistics = read

security_admin.edge.nat = read, write

security_admin.edge.dhcp = read, write

security_admin.edge.loadbalancer = read, write

security_admin.edge.vpn = read, write

security_admin.edge.syslog = read, write

security_admin.edge.support = read, write

security_admin.edge.routing = read, write

security_admin.edge.firewall = read, write

security_admin.edge.bridging = read, write

security_admin.edge.certificate = read, write

security_admin.edge.systemcontrol = read, write

security_admin.app.firewall = read, write

security_admin.app.flow = read, write

security_admin.app.forcesync = read

security_admin.app.syslog = read

security_admin.namespace.config = read

security_admin.spoofguard.config = read, write

security_admin.dlp.reports = read, write

security_admin.dlp.policy = read, write

security_admin.epsec.policy = read, write

security_admin.epsec.reports = read

security_admin.epsec.health_monitoring = read

security_admin.library.grouping = read, write

security_admin.library.tagging = read, write

security_admin.install.app = read

security_admin.install.epsec = read

security_admin.install.dlp = read

security_admin.vdn.config_nsm = read

security_admin.vdn.provision = read

security_admin.eam.install = read

security_admin.si.service = read, write

security_admin.si.serviceprofile = read

security_admin.truststore.trustentity_management = read, write

security_admin.ipam.configuration = read, write

security_admin.ipam.ipallocation = read, write

security_admin.secfabric.alarms = read

security_admin.secfabric.deploy = read

security_admin.security_policy.configuration = read, write

security_admin.security_policy.security_group_binding = read, write

security_admin.blueprint_sam.reports = read

security_admin.blueprint_sam.ad_config = read

security_admin.blueprint_sam.control_data_collection = read

security_admin.blueprint_sam.db_maintain = read

security_admin.messaging.messaging = read, write

security_admin.replicator.configuration = read

Feature Access Definitions - auditor

auditor.administration.system_events = read

auditor.administration.audit_logs = read

auditor.edge.appliance = read

auditor.edge.highavailability = read

auditor.edge.vnic = read

auditor.edge.dns = read

auditor.edge.ssh = read

auditor.edge.autoplumbing = read

auditor.edge.statistics = read

auditor.edge.nat = read

auditor.edge.dhcp = read

auditor.edge.loadbalancer = read

auditor.edge.vpn = read

auditor.edge.syslog = read

auditor.edge.routing = read

auditor.edge.firewall = read

auditor.edge.bridging = read

auditor.edge.system = read

auditor.edge.certificate = read

auditor.edge.systemcontrol = read

auditor.app.firewall = read

auditor.app.flow = read

auditor.app.forcesync = read

auditor.app.syslog = read

auditor.namespace.config = read

auditor.spoofguard.config = read

auditor.dlp.scan_scheduling = read

auditor.dlp.policy = read

auditor.dlp.reports = read

auditor.library.grouping = read

auditor.epsec_host.health_monitoring = read

auditor.epsec.policy = read

auditor.epsec.reports = read

auditor.epsec.registration = read

auditor.vdn.config_nsm = read

auditor.epsec.scan_scheduling = read

auditor.vdn.provision = read

auditor.si.service = read

auditor.si.serviceprofile = read

auditor.truststore.trustentity_management = read

auditor.secfabric.alarms = read

auditor.secfabric.deploy = read

auditor.security_policy.configuration = read

auditor.security_policy.security_group_binding = read

auditor.blueprint_sam.reports = read

auditor.blueprint_sam.ad_config = read

auditor.blueprint_sam.control_data_collection = read

auditor.blueprint_sam.db_maintain = read

auditor.library.tagging = read

auditor.ipam.configuration = read

auditor.ipam.ipallocation = read

auditor.messaging.messaging = read

auditor.replicator.configuration = read

Feature Access Definitions - dlp_svm

dlp_svm.dlp.svm_interaction = read, write

dlp_svm.epsec.svm_priv = read, write

dlp_svm.epsec.registration = read

dlp_svm.epsec.policy = read

dlp_svm.epsec.scan_scheduling = read

dlp_svm.library.host_preparation = read, write

dlp_svm.library.tagging = read, write

Feature Access Definitions - epsec_host

epsec_host.epsec.registration = read

epsec_host.epsec.health_monitoring = write

Feature Access Definitions - enterprise_admin

enterprise_admin.administration.configuration = read, write

enterprise_admin.administration.update = read, write

enterprise_admin.administration.system_events = read, write

enterprise_admin.administration.audit_logs = read

enterprise_admin.urm.user_account_management = read, write

enterprise_admin.urm.object_access_control = read

enterprise_admin.urm.feature_access_control = read

enterprise_admin.edge.system = read, write

enterprise_admin.edge.appliance = read, write

enterprise_admin.edge.highavailability = read, write

enterprise_admin.edge.vnic = read, write

enterprise_admin.edge.dns = read, write

enterprise_admin.edge.ssh = read, write

enterprise_admin.edge.autoplumbing = read, write

enterprise_admin.edge.statistics = read, write

enterprise_admin.edge.nat = read, write

enterprise_admin.edge.dhcp = read, write

enterprise_admin.edge.loadbalancer = read, write

enterprise_admin.edge.vpn = read, write

enterprise_admin.edge.syslog = read, write

enterprise_admin.edge.support = read, write

enterprise_admin.edge.routing = read, write

enterprise_admin.edge.firewall = read, write

enterprise_admin.edge.bridging = read, write

enterprise_admin.edge.certificate = read, write

enterprise_admin.edge.systemcontrol = read, write

enterprise_admin.library.grouping = read, write

enterprise_admin.library.host_preparation = read, write

enterprise_admin.library.tagging = read, write

enterprise_admin.app.config = read, write

enterprise_admin.app.forcesync = read, write

enterprise_admin.app.syslog = read, write

enterprise_admin.app.techsupport = read, write

enterprise_admin.app.firewall = read, write

enterprise_admin.app.flow = read, write

enterprise_admin.namespace.config = read, write

enterprise_admin.dlp.scan_scheduling = read, write

enterprise_admin.dlp.reports = read, write

enterprise_admin.dlp.policy = read, write

enterprise_admin.epsec.registration = read, write

enterprise_admin.epsec.health_monitoring = read

enterprise_admin.epsec.scan_scheduling = read, write

enterprise_admin.epsec.reports = read, write

enterprise_admin.epsec.policy = read, write

enterprise_admin.install.app = read, write

enterprise_admin.install.epsec = read, write

enterprise_admin.install.dlp = read, write

enterprise_admin.eam.install = read, write

enterprise_admin.spoofguard.config = read, write

enterprise_admin.vdn.config_nsm = read, write

enterprise_admin.vdn.provision = read, write

enterprise_admin.si.service = read, write

enterprise_admin.si.serviceprofile = read, write

enterprise_admin.truststore.trustentity_management = read, write

enterprise_admin.ipam.configuration = read, write

enterprise_admin.ipam.ipallocation = read, write

enterprise_admin.secfabric.deploy = read, write

enterprise_admin.secfabric.alarms = read, write

enterprise_admin.security_policy.configuration = read, write

enterprise_admin.security_policy.security_group_binding = read, write

enterprise_admin.blueprint_sam.reports = read

enterprise_admin.blueprint_sam.ad_config = read, write

enterprise_admin.blueprint_sam.control_data_collection = read, write

enterprise_admin.blueprint_sam.techsupport = read, write

enterprise_admin.blueprint_sam.db_maintain = read, write

enterprise_admin.messaging.messaging = read, write

enterprise_admin.replicator.configuration = read, write

Feature Access Definitions - component_manager_user

component_manager_user.component_manager.healthstatus = read

Feature Access Definitions - replicator

replicator.administration.configuration = read, write

replicator.administration.update = read, write

replicator.administration.system_events = read, write

replicator.administration.audit_logs = read

replicator.urm.user_account_management = read, write

replicator.urm.object_access_control = read

replicator.urm.feature_access_control = read

replicator.edge.system = read, write

replicator.edge.appliance = read, write

replicator.edge.highavailability = read

replicator.edge.vnic = read, write

replicator.edge.dns = read

replicator.edge.ssh = read

replicator.edge.autoplumbing = read, write

replicator.edge.statistics = read

replicator.edge.nat = read

replicator.edge.dhcp = read, write

replicator.edge.loadbalancer = read

replicator.edge.vpn = read

replicator.edge.syslog = read

replicator.edge.support = read

replicator.edge.routing = read, write

replicator.edge.firewall = read

replicator.edge.bridging = read

replicator.edge.certificate = read

replicator.edge.systemcontrol = read

replicator.library.grouping = read, write

replicator.library.host_preparation = read, write

replicator.library.tagging = read, write

replicator.app.config = read, write

replicator.app.forcesync = read, write

replicator.app.syslog = read, write

replicator.app.techsupport = read, write

replicator.app.firewall = read, write

replicator.app.flow = read, write

replicator.namespace.config = read, write

replicator.dlp.scan_scheduling = read, write

replicator.dlp.reports = read, write

replicator.dlp.policy = read, write

replicator.epsec.registration = read, write

replicator.epsec.health_monitoring = read

replicator.epsec.scan_scheduling = read, write

replicator.epsec.reports = read, write

replicator.epsec.policy = read, write

replicator.install.app = read, write

replicator.install.epsec = read, write

replicator.install.dlp = read, write

replicator.eam.install = read, write

replicator.spoofguard.config = read, write

replicator.vdn.config_nsm = read, write

replicator.vdn.provision = read, write

replicator.si.service = read, write

replicator.si.serviceprofile = read, write

replicator.truststore.trustentity_management = read, write

replicator.ipam.configuration = read, write

replicator.ipam.ipallocation = read, write

replicator.secfabric.deploy = read, write

replicator.secfabric.alarms = read, write

replicator.security_policy.configuration = read, write

replicator.security_policy.security_group_binding = read, write

replicator.blueprint_sam.reports = read

replicator.blueprint_sam.ad_config = read, write

replicator.blueprint_sam.control_data_collection = read, write

replicator.blueprint_sam.techsupport = read, write

replicator.blueprint_sam.db_maintain = read, write

replicator.messaging.messaging = read, write

replicator.replicator.configuration = read, write

Override Role Feature Permissions on Secondary Nodes for Universal Objects

secondary.super_user.edge.highavailability = read, write

secondary.enterprise_admin.edge.highavailability = read, write

secondary.vshield_admin.edge.highavailability = read, write

secondary.super_user.edge.ssh = read, write

secondary.enterprise_admin.edge.ssh = read, write

secondary.security_admin.edge.ssh = read, write

secondary.vshield_admin.edge.ssh = read, write

secondary.super_user.edge.syslog = read, write

secondary.enterprise_admin.edge.syslog = read, write

secondary.security_admin.edge.syslog = read, write

secondary.vshield_admin.edge.syslog = read, write

secondary.super_user.edge.support = read, write

secondary.enterprise_admin.edge.support = read, write

secondary.security_admin.edge.support = read, write

secondary.vshield_admin.edge.support = read, write

secondary.super_user.edge.routing = read, write

secondary.security_admin.edge.routing = read, write

secondary.enterprise_admin.edge.routing = read, write

secondary.super_user.edge.appliance = read, write

secondary.vshield_admin.edge.appliance = read, write

secondary.enterprise_admin.edge.appliance = read, write

secondary.super_user.edge.vnic = read, write

secondary.vshield_admin.edge.vnic = read, write

secondary.enterprise_admin.edge.vnic = read, write

secondary.super_user.edge.firewall = read, write

secondary.vshield_admin.edge.firewall = read, write

secondary.enterprise_admin.edge.firewall = read, write