A user needs to be given the ability to make configuration changes on a specific NSX Edge
device. What role and scope could be used to meet this requirement?
A.
NSX Administrator role and Limit Access scope
B.
Security Administrator role and Limit Access scope
C.
NSX Administrator role and No restriction scope
D.
Security Administrator role and No restriction scope
My Guess is A.
CORRECTION: B
I assume A: https://pubs.vmware.com/NSX-6/index.jsp#com.vmware.nsx.admin.doc/GUID-79F9067D-2F29-45DA-85C7-09EFC31549EA.html
http://wahlnetwork.com/2014/05/06/working-nsx-assigning-user-permissions/
“NSX Administrator – Users in this role can perform all tasks related to deployment and administration of this NSX Manager instance.”
–> Limit Access Scope means that the user has just rights on a single edge device, for example.
yeah, something tells me there’s something missing from this question or it’s just flat out wrong. Maybe if it said something about making POLICY configuration changes, then Security Admin with limited access would apply.
But I believe the keyword to focus on is DEVICE…hence operations, hence NSX Admin with limited scope.
From the NSX Administration Guide (same link as Max’s above):
“The Enterprise Administrator and NSX Administrator roles can only be assigned to vCenter users, and their access scope is global (no restrictions).”
So it can’t be A as you can’t apply a limited scope to an NSX Administrator. And a Security Administrator can’t make configuration changes to devices. So it must be C. Am I wrong?
In my opinion this is another poorly worded question, however if you read between the lines the question asks “user needs to be given the ability to make configuration changes on a specific NSX Edge”. Because of the rule you mentioned NSX Admins only have Global Access, you couldn’t limit them to just one specific edge.
I think it could have said “what is the least role & scope a user could have to make config changes to a specific edge?”