NSX Roles
NSX roles define what access users can have to the NSX resource. The following preconfigured NSX roles are shipped with CloudControl:
Note: No NSX roles have privileges to operate within the virtual infrastructure.

CloudControl Role | Description |
---|---|
ASC_SecurityAdmin | Users with the ASC_SecurityAdmin role have access to CloudControl and NSX resources. They can define policies in CloudControl, apply Firewall policies, and have CUD privileges on Security Groups, Security Policies, Firewalls, Firewall Rules, ACLs, and Security Profiles. |
ASC_SecurityOperator | Users with the ASC_SecurityOperator role have read-only access to core security-related resources, including Firewalls, Security Groups, Security Policies, Security Tags, IP Sets, MAC Sets, Services, Service Groups, and Flow-Monitored objects. They can access the CloudControl dashboard and view configured policies and violation reports. |
ASC_SecurityAuditor | Users with the ASC_SecurityAuditor role have read-only access to security-related resources, including Security Groups, Security Policies, Firewalls, Firewall Rules, ACLs, and Security Profiles. These users have no access to the CloudControl dashboard. |
ASC_NetworkEngineer | Users with the ASC_NetworkEngineer role have full access to most networking resources, including Logical Switches, Routers, Firewall, Network Service Containers and Services, Transport Zones, and IP Pools. They have read-only access to core security-related resources such as Security Groups, Security Policies, ACLs, and Security Profiles, and have no access to the CloudControl dashboard. |
ASC_LoadBalancerAdmin | Users with the ASC_LoadBalancerAdmin role have full access to Load Balancer-related resources, including Load Balancers, VIPs, Pools, and Pool members. They have read-only access to other networking resources and have no access to the CloudControl dashboard. |
ASC_NetworkOperator | Users with the ASC_NetworkOperator role have read-only access to most networking resources, including Logical Switches, Routers, Network Service Containers and Services, Transport Zones, and IP Pools. They have no access to security-related resources, and have no access to the CloudControl dashboard. |