thecloudxpert

VCAP6-NV Deploy - Objective 5.3 - Configure and Manage Role Based Access Control

VMware NSX-V VCAP6-NV VCIX6-NV

Published on 30 July 2017 by Christopher Lewis. Words: 555. Reading Time: 3 mins.

Objective 5.3 - Configure and Manage Role Based Access Control

Objective Overview

  • Implement identity service support for Active Directory, NIS, and LDAP with Single Sign-On (SSO).
  • Manage User rights:
    • Assign roles to user accounts
    • Change a user role
    • Delete/disable/enable a user account

Objective Prerequisites

The following prerequisites are assumed for this Objective:

  • A working VMware vSphere 6.x environment.
  • A working VMware NSX 6.x environment.

Objective Breakdown

Implement identity service support for Active Directory, NIS, and LDAP with Single Sign-On (SSO)

Configuring SSO requires that NTP is configured correctly within the VMware NSX Manager. We covered this in HOWTO: Deploy and Configure the VMware NSX Manager Virtual Appliance - Part 2

Single Sign-On (SSO) is also configured within the VMware NSX Manager. We covered this in HOWTO: Deploy and Configure the VMware NSX Manager Virtual Appliance - Part 3

Manage User Rights

There are four VMware NSX User roles that can be applied to users or groups of users. These are:

  • Enterprise Administrator - NSX Operations and Security.
  • NSX Administrator - NSX Operations only.
  • Security Administrator - NSX Security only.
  • Auditor - Read Only.

Manage User Rights: Assign roles to User Accounts or Groups

In this example, we are going to assign the NSX Administrator role to an individual user. In real life, as a best practice recommendation, you would assign the role to a group so that all members of the group would be given the role.


  1. Using your favourite web browser, navigate to the vCenter Server login page (https://vcenter.fqdn).
  1. Type the administrator User name and Password and click Login.
  1. Click Networking and Security.
  1. Click NSX Managers.
  1. Click on the NSX Manager IP Address.
  1. Click the Manage tab.
  1. Click Users.
  1. Click Add (+).
  1. Type the name of the User into the field provided.
  1. Click Next.
  1. Select the NSX Administrator option.
  1. Click Finish.

Manage User Rights: Change a user role

In this example, we’re going to correct the user role for the NSX.SecAdmin user, who should be assigned the Security Administrator role.


  1. Using your favourite web browser, navigate to the vCenter Server login page ( https://vcenter.fqdn ).
  1. Type the administrator User name and Password and click Login.
  1. Click Networking and Security.
  1. Click NSX Managers.
  1. Click on the NSX Manager IP Address.
  1. Click the Manage tab.
  1. Click Users.
  1. Select the NSX.SecAdmin user and click Edit.
  1. Select the Security Administrator option.
  1. Click Finish.
  1. Click Yes.

Manage User Rights: Delete/disable/enable a user account

In this example, we are going to complete the following:

  • Remove the Auditor role from the NSX.Auditor user
  • Enable the NSX.Admin user
  • Disable the NSX.EntAdmin user.

  1. Using your favourite web browser, navigate to the vCenter Server login page (https://vcenter.fqdn).
  1. Type the administrator User name and Password and click Login.
  1. Click Networking and Security.
  1. Click NSX Managers.
  1. Click on the NSX Manager IP Address.
  1. Click the Manage tab.
  1. Click Users.
  1. Highlight the NSX.Auditor user account and click Delete (X).

  1. Click Yes.

  2. Highlight the NSX.Admin user account and click Enable.

  1. Highlight the NSX.EntAdmin user account and click Disable.

Published on 30 July 2017 by Christopher Lewis. Words: 555. Reading Time: 3 mins.


Blog Categories: VMware NSX NSX-V Certification
Related Post(s):
Recent Posts:
  • Creating a Custom Resource Action - Part 1: Getting Started & API Discovery
  • Operating a Private Cloud - Part 3: Creating a Pricing Card in VMware Aria Automation
  • Operating a Private Cloud - Part 2: Creating a Pricing Card in VMware Aria Operations
  • Operating a Private Cloud - Part 1: Understanding Pricing Cards in VMware Aria
  • Zero2Hero - Using Aria Automation to Deploy Multiple Machines with Multiple Disks - Part 5
    • Blog Categories:
    active directory 6 aria automation 9 aria automation orchestrator 1 aria operations 2 aws 2 blog 1 career 1 certificate authority 5 certificates 5 certification 91 cloud management 1 cloudnativecon 1 community 1 fun 1 general 9 hands on labs 1 home lab 2 kubecon 1 kubernetes 1 microsoft 7 nsx 45 nsx v 41 powercli 8 powershell 6 reviews 1 vcap 48 vcap6 2 vcenter 4 vcix 2 vexpert 9 vmug 5 vmware 99+ vmware aria 1 vmware aria automation 9 vmware aria automation orchestrator 1 vmware aria operations 3 vmware cloud 3 vmware cloud director 1 vmware explore 2 vmware identity manager 2 vmworld 36 vrealize automation 80 vrealize automation saltstack config 1 vrealize business 2 vrealize log insight 1 vrealize operations 1 vrealize operations manager 5 vrealize orchestrator 13 vrealize suite 14 vrealize suite lifecycle manager 20 vsan 5 vsphere 9 windows 6
    Top Tags:
    active directory 6 api 18 barcelona 24 certificates 11 certification 7 howto 33 microsoft 7 multi tenancy 9 nsx v 43 platform services controller 8 powercli 8 powershell 7 psc 6 vcap 9 vcap6 45 vcap6 cma 48 vcap6 nv 37 vcix6 nv 36 vexpert 19 vmug 8 vmware 99+ vmware aria 10 vmware aria automation 9 vmworld 35 vmworld 2016 13 vmworld 2017 9 vra 13 vrealize automation 74 vrealize operations 8 vrealize orchestrator 21 vrealize suite lifecycle manager 11 vrslcm 20 vsan 7 vsphere 12