A user’s role defines the actions the user is allowed to perform on a given resource. The role determine the user’s authorized activities on the given resource, ensuring that a user has access only to the functions necessary to complete applicable operations. This allows domain control over specific resources, or system-wide control if your right has no restrictions.

The following rules are enforced:

A user can only have one role.

You cannot add a role to a user, or remove an assigned role from a user. You can, however, change the assigned role for a user.

NSX Manager User Roles



Enterprise Administrator

NSX operations and security.

NSX Administrator

NSX operations only: for example, install virtual appliances, configure port groups.

Security Administrator

NSX security only: for example, define data security policies, create port groups, create reports for NSX modules.


Read only.

The scope of a role determines what resources a particular user can view. The following scopes are available for NSX users.

NSX Manager User Scope



No restriction

Access to entire NSX system.

Limit access scope

Access to a specified Edge.

The Enterprise Administrator and NSX Administrator roles can only be assigned to vCenter users, and their access scope is global (no restrictions).