The NSX Manager must assign users/accounts to organization-defined roles configured with approved authorizations.

Severity: high
Group ID: V-265292
Group Title: SRG-APP-000033-NDM-000212
Version: NMGR-4X-000010
Rule ID: SV-265292r994099_rule
Date: 2024-12-13
STIG Version: 1
Description
The lack of authorization-based access control could result in the immediate compromise of, and unauthorized access to, sensitive information. Users must be assigned to roles that are configured with approved authorizations and access permissions. The NSX Manager must be configured granularly, based on organization requirements, to allow only authorized administrators to execute privileged functions. Role assignments should control which administrators can view or change the device configuration, system files, and locally stored audit information.

Satisfies: SRG-APP-000033-NDM-000212, SRG-APP-000038-NDM-000213, SRG-APP-000119-NDM-000236, SRG-APP-000120-NDM-000237, SRG-APP-000133-NDM-000244, SRG-APP-000231-NDM-000271, SRG-APP-000329-NDM-000287, SRG-APP-000340-NDM-000288, SRG-APP-000378-NDM-000302, SRG-APP-000380-NDM-000304, SRG-APP-000408-NDM-000314, SRG-APP-000516-NDM-000335
ℹ️ Check
From the NSX Manager web interface, go to System >> Settings >> User Management >> User Role Assignment. View each user and group and verify that the assigned role has authorization limits appropriate to the role and in accordance with the site's documentation. If any user, group, or service account is assigned to a role with privileges beyond those required and authorized by the organization, this is a finding.
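The comparison this check describes can also be done offline against an exported list of role assignments. The following is an added example, not part of the STIG or of VMware's tooling; the binding field names, the sample accounts, and the approved role matrix are assumptions constructed for illustration.

```python
# Constructed sample of exported role assignments. The field names (name, type,
# roles, roles_for_paths, role) are assumptions about the export format.
SAMPLE_BINDINGS = [
    {"name": "admin", "type": "local_user", "roles": [{"role": "enterprise_admin"}]},
    {"name": "audit", "type": "local_user", "roles": [{"role": "auditor"}]},
    {"name": "netops@example.test", "type": "remote_group",
     "roles_for_paths": [{"path": "/", "roles": [{"role": "network_engineer"},
                                                 {"role": "enterprise_admin"}]}]},
    {"name": "svc-backup", "type": "principal_identity",
     "roles": [{"role": "enterprise_admin"}]},
]

# Hypothetical approved matrix taken from site documentation:
# (account name, account type) -> roles the organization has authorized.
APPROVED = {
    ("admin", "local_user"): {"enterprise_admin"},
    ("audit", "local_user"): {"auditor"},
    ("netops@example.test", "remote_group"): {"network_engineer"},
}


def assigned_roles(binding):
    """Collect every role name on a binding, global or path-scoped."""
    roles = {r["role"] for r in binding.get("roles", [])}
    for scoped in binding.get("roles_for_paths", []):
        roles |= {r["role"] for r in scoped.get("roles", [])}
    return roles


def audit_role_bindings(bindings, approved):
    """Return (name, type, reason, roles) tuples, one per finding."""
    findings = []
    for b in bindings:
        key = (b["name"].lower(), b["type"])
        actual = assigned_roles(b)
        if key not in approved:
            # Account holds roles but is absent from the site documentation.
            findings.append((b["name"], b["type"], "undocumented", sorted(actual)))
            continue
        excess = actual - approved[key]
        if excess:
            # Roles held beyond what the organization authorized.
            findings.append((b["name"], b["type"], "excess", sorted(excess)))
    return findings


if __name__ == "__main__":
    for name, kind, reason, roles in audit_role_bindings(SAMPLE_BINDINGS, APPROVED):
        print(f"FINDING {reason}: {kind} {name} -> {', '.join(roles)}")
```

An empty result means every listed account matches the documented matrix; the reviewer still has to confirm that the matrix itself reflects current authorizations.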
✔️ Fix
To create a new role with reduced permissions, do the following: From the NSX Manager web interface, go to System >> Settings >> User Management >> Roles. Click "Add Role", provide a name and the required permissions, and then click "Save".

To update user or group permissions to an existing role with reduced permissions, do the following: From the NSX Manager web interface, go to System >> User Management >> User Role Assignment. Click the menu dropdown next to the target user or group and select "Edit". Remove the existing role, select the new one, and then click "Save".