vCenter Permissions

The list below includes the permissions related to vCenter Resources.

  • Users with the Administrator role in OnApp have vCenter related permissions enabled by default. They can create and manage vCenter resources if there is a vCenter compute resource in the cloud.
  • Users with vCenter User role have all OnApp User permissions, default permissions for vCenter User role, and two extra permissions necessary to create a vCenter VS:
    • Read all public OVAs 
    • See Compute Resource during virtual server creation
  • Users with OnApp User role have limited vCenter permissions enabled by default, and cannot create a vCenter VS.
  • The vCenter permissions list is not updated in OnApp for custom roles imported from vCenter.

Default Permissions for vCenter User Role


vCenter Clusters

OnApp administrators can control users' ability to manage vCenter clusters through the Control Panel's Roles menu. You can set the following cluster permissions for user roles:

  • Any actions on vCenter Clusters - the user can take any action on vCenter clusters
  • Show vCenter Clusters on Virtual Server creation - the user can see vCenter Clusters on Add New Virtual Server screen


vCenter Datacenters

OnApp administrators can control users' ability to manage vCenter datacenters. This is handled through the Control Panel's Roles menu. You can set the following datacenters permissions for user roles:

  • Any actions on vCenter Datacenters - the user can take any action on vCenter Datacenters
  • Show vCenter Datacenters on Virtual Server creation - the user can see vCenter Datacenters on Add New Virtual Server screen



vCenter Templates

  • Any actions on vCenter Templates - the user can take any action on vCenter
  • See any vCenter Templates - the user can see any vCenter templates
  • Update any vCenter Templates - the user can edit any vCenter templates



Virtual Servers

  • Resync vCenter VS - the user can run the re-import vCenter VS transaction


Other vCenter Permissions


NSX Edges

OnApp administrators can control users' ability to manage NSX edges through the Control Panel's Roles menu. You can set the following NSX edges permissions for user roles:

  • Any action on edge - the user can take any action on NSX edges
  • See any edge - the user can see any NSX edge 

NSX Firewall Rules

OnApp administrators can control users' ability to manage NSX firewall rules through the Control Panel's Roles menu. You can set the following firewall rules permissions for user roles:

  • Any action on firewall rule - the user can take any action on NSX firewall rules
  • Create any firewall rule - the user can create a new NSX firewall rule
  • Delete any firewall rule - the user can delete any NSX firewall rule
  • See any firewall rules - the user can see any NSx firewall rules
  • Update any firewall rule - the user can edit any NSX firewall rule

NSX Firewall Services

OnApp administrators can control users' ability to manage NSX firewall services through the Control Panel's Roles menu. You can set the following firewall services permissions for user roles:

  • Any action on firewall service - the user can take any action on NSX firewall services
  • See any firewall service - the user can see any NSX firewall service
  • Update any firewall service - the user can edit any NSX firewall service

NSX IPSec Services

OnApp administrators can control users' ability to manage NSX IPSec services through the Control Panel's Roles menu. You can set the following IPSec services permissions for user roles:

  • Any action on IPSec service - the user can take any action on NSX IPSec services
  • See any IPSec service - the user can see any NSX IPSec service
  • Update any IPSec service - the user can edit any NSX IPSec service

NSX IPSec Sites

OnApp administrators can control users' ability to manage NSX IPSec sites through the Control Panel's Roles menu. You can set the following IPSec sites permissions for user roles:

  • Any action on IPSec site - the user can take any action on NSX IPSec sites
  • Create IPSec sites - the user can create an NSX IPSec site
  • Delete any IPSec site - the user can delete any NSX L2 VPN IPSec site
  • See any IPSec site - the user can see any NSX IPSec sites
  • Update any IPSec site - the user can edit any NSX IPSec site

NSX L2 VPN Peer Sites

OnApp administrators can control users' ability to manage NSX L2 VPN peer sites through the Control Panel's Roles menu. You can set the following L2 VPN peer sites permissions for user roles:

  • Any action on L2 VPN peer site - the user can take any action on NSX L2 VPN peer sites
  • Create L2 VPN peer sites - the user can create an NSX L2 VPN peer site
  • Delete any L2 VPN peer site - the user can delete any NSX L2 VPN peer site
  • See any L2 VPN peer site - the user can see any NSX L2 VPN sites
  • Update any L2 VPN peer site - the user can edit any NSX L2 VPN sites

NSX L2 VPN Services

OnApp administrators can control users' ability to manage NSX L2 VPN services through the Control Panel's Roles menu. You can set the following L2 VPN services permissions for user roles:

  • Any action on L2 VPN service - the user can take any action on NSC L2 VPN services
  • See any L2 VPN service - the user can see any NSX L2 VPN service
  • Update any L2 VPN service - the user can edit any NSX load balacer L2 VPN services

NSX Load Balancer Application Profiles

OnApp administrators can control users' ability to manage NSX load balancer application profiles through the Control Panel's Roles menu. You can set the following load balancer application profiles permissions for user roles:

  • Any action on application profile - the user can take any action on NSX load balancer application profiles
  • Create any application profile - the user can create a new NSX load balancer application profile
  • Delete any application profile - the user can delete any NSX load balancer application profile
  • See any application profile - the user can see any NSX load balancer application profile
  • Update any application profile - the user can edit any NSX load balancer application profile

NSX Load Balancer Application Rules

OnApp administrators can control users' ability to manage NSX load balancer application rules through the Control Panel's Roles menu. You can set the following load balancer application rules permissions for user roles:

  • Any action on application rules - the user can take any action on NSX load balancer application rules

  • Create any application rule -  the user can create a new NSX load balancer application rule
  • Delete any application rule - the user can delete any NSX load balancer application rule
  • See any application rule - the user can see any NSX load balancer application rules
  • Update any application rule - the user can edit any NSX load balancer application rules

NSX Load Balancer Monitors

OnApp administrators can control users' ability to manage NSX load balancer monitors through the Control Panel's Roles menu. You can set the following load balancer monitors permissions for user roles:

  • Any action on monitors - the user can take any action on NSX load balancer monitors
  • Create any monitor -  the user can create a new NSX load balancer monitor
  • Delete any monitor - the user can delete any NSX load balancer monitor
  • See any monitor - the user can see any NSX load balancer monitors
  • Update any monitor - the user can edit any NSX load balancer monitors

NSX Load Balancer Pools

OnApp administrators can control users' ability to manage NSX load balancer pools through the Control Panel's Roles menu. You can set the following load balancer pools permissions for user roles:

  • Any action on pool - the user can take any action on NSX load balancer pools
  • Create any pool -  the user can create a new NSX load balancer pool
  • Delete any pool - the user can delete any NSX load balancer pool
  • See any pool -  the user can see any NSX load balancer pools
  • Update any pool - the user can edit any NSX load balancer pools

NSX Load Balancer Services

OnApp administrators can control users' ability to manage NSX load balancer services through the Control Panel's Roles menu. You can set the following load balancer services permissions for user roles:

  • Any action on load balancer service - the user can take any action on NSX load balancer services
  • See any load balancer service - the user can see any NSX load balancer service
  • Update any load balancer service - the user can edit any NSX load balancer service

NSX Load Balancer Virtual Servers

OnApp administrators can control users' ability to manage NSX Edge internal or uplink interfaces as virtual servers through the Control Panel's Roles menu. You can set the following permissions for user roles:

  • Any action on virtual server - the user can take any action on NSX load balancer virtual servers

  • Create any virtual server - the user can create a new NSX load balancer virtual server

  • Delete any virtual server - the user can delete any NSX load balancer virtual servers

  • See any virtual server - the user can see any NSX load balancer virtual servers

  • Update any virtual server - the user can edit any NSX load balancer virtual servers

NSX Managers

OnApp administrators can control users' ability to manage NSX managers through the Control Panel's Roles menu. You can set the following NSX managers permissions for user roles:

  • Any action on NSX manager - the user can take any action on NSX manager
  • See any NSX manager - the user can see any NSX manager
  • Update any NSX manager - the user can edit any NSX manager

NSX NAT Rules

OnApp administrators can control users' ability to manage NSX NAT rules through the Control Panel's Roles menu. You can set the following NAT rules permissions for user roles:

  • Any action on nat rule - the user can take any action on NSX NAT rules
  • Create any nat rule - the user can create a new NSX NAT rule
  • Delete any nat rule - the user can delete any NSX NAT rule
  • See any nat rule - the user can see any NSX NAT rules
  • Update any nat rule - the user can edit any NSX NAT rules

NSX NAT Services

OnApp administrators can control users' ability to manage NSX NAT services through the Control Panel's Roles menu. You can set the following NAT services permissions for user roles:

  • Any action on nat service - the user can take any action on NSX NAT services
  • See any nat service - the user can see any NSX NAT services
  • Update any nat service - the user can edit any NSX NAT services

Virtual Servers

  • Infrastructure Mode - the user can build managed vCenter VSs

See Create Custom vCenter VS for more details.