Most Restrictive NSX-T Built-In Role for NSX Edge Configuration Changes

B.

In NSX-T, built-in roles are used to grant users access to various functions and features within the NSX-T Manager. These roles are designed to ensure that users only have access to the features they need to perform their specific job functions.

To apply configuration changes on an NSX Edge, a user needs to have at least Network Engineer privileges. However, the most restrictive built-in role that will allow a user to apply configuration changes on a NSX Edge is Network Operator.

The Network Operator role is a predefined role that has read-only access to most NSX-T Manager features and read-write access to a limited set of features, including Edge configuration. Network Operators can view the Edge configuration but cannot modify the overall topology or create new Edges.

In contrast, the Network Engineer role has read-write access to most NSX-T Manager features and can create new Edges, modify the overall topology, and apply configuration changes on NSX Edges.

The Cloud Service Administrator role has even broader access, including read-write access to all NSX-T Manager features, as well as access to the NSX-T API, and is typically reserved for higher-level administrators.

Finally, the NSX Administrator role has full read-write access to all NSX-T Manager features, including the ability to create and modify user roles, permissions, and access control lists. This role is typically reserved for the highest level of NSX-T administration.

In summary, the most restrictive built-in role that will allow a user to apply configuration changes on a NSX Edge is the Network Operator role, which has read-only access to most NSX-T Manager features and read-write access to a limited set of features, including Edge configuration.