This section discusses the roles required to be assigned to the NSX-T user. Local user creation is not allowed on NSX-T. The admin can select a VMware Identity Manager (VIDM) or an LDAP user and assign the required roles to it.

Customized role creation is not supported in NSX-T 3.0. So, the user has to be assigned an existing role that has all the permissions required by the Avi Load Balancer NSX-T cloud. In NSX-T 3.1, the Network Engineer role has been renamed as Network Admin. So, use Network Admin instead.

Avi Load Balancer supports Preserve Client IP for NSX-T Overlay. Additional roles of Netx Partner Admin and Security Admin are required for the Preserve Client IP feature to work.

Consider an example in which the role is assigned to a VIDM user. To assign the role,

Procedure

  1. Log in to the NSX-T manager UI as an admin user.
  2. Navigate to System > User and Roles > USERS
  3. Click Add and select Role Assignment for VIDM
  4. Select the Network Engineer role if you are running NSX-T Data Center 3.0.x. Select the NSX Network Admin role if you are running NSX-T Data Center 3.1.x or later..
  5. Click Save.