Prism user permissions – what are the options?

  • 16 March 2020
  • 0 replies

Userlevel 5
Badge +5
  • Nutanix Employee
  • 257 replies

When considering providing certain permissions to a user or a group the following may come handy.

Nutanix user accounts can be created or updated as needed using the Prism web console. The accounts can be local or pulled from Active Directory or LDAP servers. 

On top of that Prism Central provides a third authentication method – SAML authentication. Users can authenticate through a qualified identity provider when SAML support is enabled for Prism Central. The Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between two parties, ADFS as the identity provider (IDP) and Prism Central as the service provider.

Once the account has been created it must be assigned a role. There are three options in Prism Element:

  • User Administrator – allows the user to view information, perform any administrative task, and create or modify user accounts. 

  • Cluster Administrator – allows the user to view information and perform any administrative task (but not create or modify user accounts).

  • Viewer – does not provide permission to perform cluster or user administrative tasks, allows the user to view information only. Does not allow the user to launch VM Console.

Prism Central includes a wider range of predefined roles, however if the built-in roles are not sufficient for your needs, you can create one or more custom roles (AHV only).

Role Privileges
Super Admin Full administrator privileges
Prism Admin Full administrator privileges except for creating or modifying the user accounts
Prism Viewer View-only privileges
Self-Service Admin Manages all cloud-oriented resources and services

Note: This is the only cloud administration role available.

Project Admin Manages cloud objects (roles, VMs, Apps, Marketplace) belonging to a project

Note: You can specify a role for a user when you assign a user to a project, so individual users or groups can have different roles in the same project.

Developer Develops, troubleshoots, and tests applications in a project
Consumer Accesses the applications and blueprints in a project
Operator Accesses the applications in a project


For more information as well as instructions on how to configure and modify the options please refer to the guides below:

Security Guide v5.16: User Management

Prism Central Guide v5.10: Security User Management

This topic has been closed for comments