Submit Search

NSX Roles

NSX roles define what access users can have to the NSX resource. The following preconfigured NSX roles are shipped with CloudControl:

ASC_SecurityAuditor
ASC_SecurityOperator
ASC_SecurityAdministrator

ASC_NetworkOperator
ASC_LoadBalanceAdmin
ASC_NetworkEngineer

Note: No NSX roles have privileges to operate within the virtual infrastructure.

CloudControl Role	Description
ASC_SecurityAdmin	Users with the ASC_SecurityAdmin role have access to CloudControl and NSX resources. They can define policies in CloudControl, apply Firewall policies, and have CUD privileges on Security Groups, Security Policies, Firewalls, Firewall Rules, ACLs, and Security Profiles.
ASC_SecurityOperator	Users with the ASC_SecurityOperator role have read-only access to core security-related resources, including Firewalls, Security Groups, Security Policies, Security Tags, IP Sets, MAC Sets, Services, Service Groups, and Flow-Monitored objects. They can access the CloudControl dashboard and view configured policies and violation reports.
ASC_SecurityAuditor	Users with the ASC_SecurityAuditor role have read-only access to security-related resources, including Security Groups, Security Policies, Firewalls, Firewall Rules, ACLs, and Security Profiles. These users have no access to the CloudControl dashboard.
ASC_NetworkEngineer	Users with the ASC_NetworkEngineer role have full access to most networking resources, including Logical Switches, Routers, Firewall, Network Service Containers and Services, Transport Zones, and IP Pools. They have read-only access to core security-related resources such as Security Groups, Security Policies, ACLs, and Security Profiles, and have no access to the CloudControl dashboard.
ASC_LoadBalancerAdmin	Users with the ASC_LoadBalancerAdmin role have full access to Load Balancer-related resources, including Load Balancers, VIPs, Pools, and Pool members. They have read-only access to other networking resources and have no access to the CloudControl dashboard.
ASC_NetworkOperator	Users with the ASC_NetworkOperator role have read-only access to most networking resources, including Logical Switches, Routers, Network Service Containers and Services, Transport Zones, and IP Pools. They have no access to security-related resources, and have no access to the CloudControl dashboard.