NSX – Manage User rights

A user’s role defines the actions the user is allowed to perform on a given resource. The role determine the user’s authorized activities on the given resource, ensuring that a user has access only to the functions necessary to complete applicable operations. This allows domain control over specific resources, or system-wide control if your right has no restrictions.

The following rules are enforced:

  • A user can only have one role.
  • You cannot add a role to a user, or remove an assigned role from a user. You can, however, change the assigned role for a user.

Enterprise Administrator  = NSX operations and security.
NSX Administrator = NSX operations only: for example, install virtual appliances, configure port groups.
Security Administrator = NSX security only: for example, define data security policies, create port groups, create reports for NSX modules.
Auditor = Read only.

Assign roles to user accounts

1. Log into the vSphere Web Client.

2. Click Networking and Security.

3. Click NSX Managers on the left-hand-side.

4. Select the NSX Manager, click Manage, followed by Users.

5. When you click the green + sign and choose either to add a user OR a group.

6. Assign the role based on the access required

Change a User Role

You can change the role assignment for all users, except for the admin user.

1. Log in to the vSphere Web Client.

2. Click Networking & Security and then click NSX Managers.

3. Click an NSX Manager in the Name column and then click the Manage tab.

4. Click Users.

5. Select the user you want to change the role for.

6. Click Change Role.

7. Make changes as necessary.

8. Click Finish to save your changes.

Disable or Enable a User Account

You can disable a user account to prevent that user from logging in to the NSX Manager. You cannot disable the admin user or a user who is currently logged into the NSX Manager.

1. Log in to the vSphere Web Client.

2. Click Networking & Security and then click NSX Managers.

3. Click an NSX Manager in the Name column and then click the Manage tab.

4. Click Users.

5. Select a user account.

6. Click the Enable or Disable icon.

Delete a User Account

You can delete any created user account. You cannot delete the admin account. Audit records for deleted users are maintained in the database and can be referenced in an Audit Log report.

1. Log in to the vSphere Web Client.
2. Click Networking & Security and then click NSX Managers.
3. Click an NSX Manager in the Name column and then click the Manage tab.
4. Click Users.
5. Select a user account.
6. Click Delete.
7. Click OK to confirm deletion.

If you delete a vCenter user account, only the role assignment for NSX Manager is deleted. The user account on vCenter is not deleted

Leave a Reply

Your email address will not be published. Required fields are marked *