In this post, we will walk through NSX permission (role-based access control) configuration.
Let's go to the NSX console from the vSphere Client, and from there go to “Manage” -> “Users” and click the green plus button:
Here we can choose whether to map a specific Active Directory (A/D) user or an A/D group to an NSX role.
Let's start with a sample user, “dave”, which should already exist in our Active Directory. This user needs the “Enterprise Administrator” role, as he is going to manage our entire NSX environment. In the same way we can assign roles to other users with different permission needs.
Select one of the NSX roles; for user “dave” we chose “Enterprise Administrator”:
Let's try our first login with user “dave”:
The login is successful, but there is no “Networking & Security” tab, because the user was granted a role on NSX Manager but has no permission on vCenter.
So far we have configured the NSX Manager side, but we haven't taken care of the vCenter permissions for that user.
Let's configure the vCenter permission so that the user can see the Networking & Security tab:
vCenter has its own roles. We need to assign a role to each A/D group or user to whom we want to grant permission. These settings determine what the user can create and access in the vCenter environment.
Configure vCenter Roles:
Let's start by configuring the role for “dave”. We know this user is an “Enterprise Administrator” in NSX Manager, so it makes sense to give this user the “Network Administrator” role for the rest of the vCenter environment, so that he can manage the network-related components of vSphere as well.
Go to vCenter -> Manage -> Permissions and click the green button:
For our case, “Network Administrator” is the minimum.
Select “Network Administrator” from the Assigned Role drop-down list and click the “Add” button under “User and Group”:
From the Domain drop-down select your domain name (in our lab the domain is “CORP”), choose your Active Directory user from the list (“dave” for this example) and click the “Add” button:
Click OK, and OK again for the next step:
Now we can try to log in with user “dave” again: the Networking & Security tab is now visible.
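The two halves of the procedure above (the NSX Manager role assignment and the vCenter permission) are what most often get done out of step, which is exactly how the "missing Networking & Security tab" situation arises. The following PowerShell script is an added example, not code from the original post or from VMware, that performs both assignments for one A/D user and then reads each side back so you can audit what was actually granted. It assumes an NSX-v Manager reachable over HTTPS with basic authentication, PowerCLI installed, PowerShell 7 or later (for `-SkipCertificateCheck`), that the `usermgmt/role` API endpoints and the `enterprise_admin` role value match your NSX-v version, and that the vCenter role is the built-in sample role named "Network administrator (sample)". The hostnames are hypothetical; the principal `CORP\dave` is the user from the post.

```powershell
# Added example (not from the original post): assign the NSX Manager role and the
# matching vCenter permission for one AD user, then read both back for auditing.
# Assumptions: NSX-v Manager with basic auth, PowerCLI, PowerShell 7+, and the
# built-in "Network administrator (sample)" vCenter role. Hostnames are hypothetical.

param(
    [string]$NsxManager = "nsxmgr.corp.local",          # hypothetical hostname
    [string]$VCenter    = "vcenter.corp.local",         # hypothetical hostname
    [string]$Principal  = "CORP\dave",                  # the user from the post
    [string]$NsxRole    = "enterprise_admin",           # API value assumed for "Enterprise Administrator"
    [string]$VcRoleName = "Network administrator (sample)"
)

$nsxCred = Get-Credential -Message "NSX Manager admin account"
$vcCred  = Get-Credential -Message "vCenter administrator account"

# --- 1. NSX Manager side: map the AD user to an NSX role ----------------------
$basic   = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(
               "$($nsxCred.UserName):$($nsxCred.GetNetworkCredential().Password)"))
$headers = @{ Authorization = "Basic $basic"; 'Content-Type' = 'application/xml' }
$userId  = [uri]::EscapeDataString($Principal)
$baseUri = "https://$NsxManager/api/2.0/services/usermgmt/role/$userId"

# POST creates the mapping; isGroup=false because we are mapping a user, not a group.
$body = "<accessControlEntry><role>$NsxRole</role></accessControlEntry>"
Invoke-RestMethod -Method Post -Uri "$baseUri?isGroup=false" -Headers $headers `
                  -Body $body -SkipCertificateCheck | Out-Null

# Read it back: the response carries the role NSX Manager actually stored.
$assigned = Invoke-RestMethod -Method Get -Uri $baseUri -Headers $headers -SkipCertificateCheck
Write-Host "NSX role for ${Principal}: $($assigned.accessControlEntry.role)"

# --- 2. vCenter side: without this the Networking & Security tab stays hidden --
Connect-VIServer -Server $VCenter -Credential $vcCred | Out-Null
$role = Get-VIRole -Name $VcRoleName
$root = Get-Folder -NoRecursion            # the root "Datacenters" folder
New-VIPermission -Entity $root -Principal $Principal -Role $role -Propagate:$true | Out-Null

# Audit: list every vCenter permission the principal now holds.
Get-VIPermission -Principal $Principal |
    Select-Object Principal, Entity, Role, Propagate |
    Format-Table -AutoSize

Disconnect-VIServer -Server $VCenter -Confirm:$false
```

Granting the permission at the root folder with propagation mirrors what the post does through the GUI; if you only need the user to manage networking inside one datacenter, pass that datacenter object to `-Entity` instead of the root folder to keep the grant narrower. The two read-back steps are the check worth keeping in any automation: an NSX role without a matching vCenter permission (or the reverse) is the state the post's first failed login demonstrates.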