The principle of least privilege is a critical aspect of access management and should be part of a comprehensive defense-in-depth security strategy. Use as custom role in vSphere with the minimal required privileges for NSX to manage a vCenter Server configured as an NSX compute manager instance. Apply the custom role, group membership, and limit the scope for the NSX SERVICE accounts created in the vCenter Single Sign-On built-in identity provider, vsphere.local.