Solved: Granular Access to edit security groups only?

KKSAdmin · ‎08-21-2018

Is there a way to provide admins with the ability to edit security group membership but NOT to allow firewall edits? Thanks!

bayupw · ‎09-06-2018

The current available built in roles (including the latest NSX 6.4.2), roles that has Read/Write permission to security groups and tagging would also have Read/Write permission to Firewall Config.

If you need more specific fine grained granular permissions, you may want to explore third party solution such as HyTrust or ReSTNSX

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw

View solution in original post

bayupw · ‎09-06-2018

The current available built in roles (including the latest NSX 6.4.2), roles that has Read/Write permission to security groups and tagging would also have Read/Write permission to Firewall Config.

If you need more specific fine grained granular permissions, you may want to explore third party solution such as HyTrust or ReSTNSX

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw

All

Granular Access to edit security groups only?