Fine-Grained RBAC with Nutanix Prism Central

Create Authorization Policies that Fit your IT Organization

By Ranjit Sawant

Introduction: One Size Doesn’t Fit All

Many organizations have global and local IT teams that share responsibilities, with each one managing different aspects of policy enforcement and resource operations. To support this diversity, the Nutanix Prism Central multi-cluster manager offers fine-grained role-based access control (RBAC). This feature enables the creation of authorization policies that align with your organization’s structure and needs. 

Why Fine-Grained RBAC Matters

One of the biggest challenges IT organizations face is granting users access to perform only the operations they need, on only the specific resources or IT entities they need: nothing more, nothing less. Consider these common scenarios:

  • Restricting VDI administrators to manage only VDI-related VMs.

  • Limiting local IT admins to the specific clusters they need within a larger infrastructure.

  • Granting support admins view-only access and the ability to power on designated VMs.

Prism Central fine-grained RBAC addresses this by allowing administrators to:

  • Select specific operations, such as powering on a VM.

  • Define resource-level permissions, such as for VMs that are tagged with “Environment=Production.”

  • Assign policies to specific groups or users, whether those groups are locally defined or managed through Active Directory.

Authorization Policies: Defining Access with Precision

An authorization policy in Prism Central is built from three key components:

  1. Roles: What actions can the user perform?

  2. Scope: Which resources do those actions apply to?

  3. Users/groups: Who does the policy apply to?

Example:

[User(s)] Local User A can [Role/Operations/Permissions] perform VM:PowerOn on [Scope] only VMs that are tagged with [Category] type=Production.

Roles: Granular Control Over Operations

Roles in Prism Central are collections of operations or permissions that can span a single service or multiple services. Each permission maps to a single API operation, providing granular control at the API level.

For example, the VM:PowerOn permission is tied to the VM:PowerOn API. This allows administrators to create custom roles with specific permissions. Prism Central offers two types of roles:

  • System-defined roles: Predefined roles for common administrative tasks such as VM admin, network admin, Prism admin, and Prism viewer. These roles cover common use cases and simplify initial setup. 

  • Custom roles: Custom roles you can build from scratch by selecting specific operations or by cloning and modifying existing system-defined roles to match your requirements.

Scope

The scope defines the set or group of resources that the role or permissions apply to. This can include specific clusters, VMs with certain tags, projects, or categories. Here are some examples:

User A can perform [Role/Operations/Permissions] VM:PowerOn only on [Scope] VMs that are tagged with [Category] type=Production.

User B can perform [Role/Operations/Permissions] Cluster:Add, Cluster:Delete, Cluster:Update only on [Scope] Cluster_A, Cluster_B.

Users

Prism Central lets administrators assign local users, Active Directory users, and groups to specific policies. This flexibility enables you to integrate with existing authentication infrastructure and manage access for individual users or groups of users.
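
A minimal model of the three-part policy described above (role, scope, users/groups) with default-deny evaluation, added here as an illustration; it is not Nutanix code and does not call the Prism Central API. The class names, `is_allowed`, the `vdi-admins` group, and the sample VMs and `Cluster_C` are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Resource:
    kind: str                              # "VM", "Cluster", ...
    name: str
    categories: frozenset = frozenset()    # e.g. {("type", "Production")}

@dataclass(frozen=True)
class Scope:
    kind: str
    names: frozenset = frozenset()         # explicit entities, e.g. clusters
    category: tuple = None                 # (key, value) category match

    def covers(self, res):
        if res.kind != self.kind:
            return False
        if self.category is not None:
            return self.category in res.categories
        return res.name in self.names      # an empty scope covers nothing

@dataclass(frozen=True)
class Policy:
    subjects: frozenset                    # user or group names
    role: frozenset                        # operations the role permits
    scope: Scope

def is_allowed(policies, user, groups, operation, res):
    """Default deny: one policy must match subject, operation and scope."""
    identities = {user} | set(groups)
    return any(bool(identities & p.subjects) and operation in p.role
               and p.scope.covers(res) for p in policies)

# The page's two example policies, plus one constructed group policy.
POLICIES = [
    Policy(frozenset({"User A"}), frozenset({"VM:PowerOn"}),
           Scope("VM", category=("type", "Production"))),
    Policy(frozenset({"User B"}),
           frozenset({"Cluster:Add", "Cluster:Delete", "Cluster:Update"}),
           Scope("Cluster", names=frozenset({"Cluster_A", "Cluster_B"}))),
    Policy(frozenset({"vdi-admins"}), frozenset({"VM:PowerOn"}),
           Scope("VM", category=("workload", "VDI"))),
]

# Constructed sample resources.
PROD_VM = Resource("VM", "web01", frozenset({("type", "Production")}))
DEV_VM = Resource("VM", "dev01", frozenset({("type", "Dev")}))
VDI_VM = Resource("VM", "desk07", frozenset({("workload", "VDI")}))
CLUSTER_A = Resource("Cluster", "Cluster_A")
CLUSTER_C = Resource("Cluster", "Cluster_C")
```

Because a request is allowed only when all three components match, a missing category on a VM or a user outside every listed group results in a denial rather than broader access.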

With fine-grained RBAC and robust authorization policies, Nutanix Prism Central helps organizations approach access control in a way that delivers security as well as strategic agility.

Tailored to your operational needs, the specific, role-based access of Prism Central empowers IT teams to enforce compliance and manage risk and responsiveness across hybrid and multicloud environments.

Whether you’re managing a sprawling global infrastructure or local environment, Nutanix Prism Central adapts to your needs seamlessly and allows you to ensure that the right individuals have the right level of access, to the right resources, at the right time. 

To learn more about Nutanix Prism Central, visit Nutanix.com/Prism and take the Prism Test Drive.
