Use the 'Network Engineer' role and create a Service Account user . This user is used by the Controller to interact with NSX Manager cluster and provide lifecycle management for the Service Engines.

Table 1. Design Decisions for NSX-T Data Center Access Control for NSX Advanced Load Balancer Controller

Decision ID

Design Decision

Design Justification

Design Implication


Create or use an NSX-T Manager cluster User/ Role with password with the described privileges.


It is recommended not to use the local ‘admin’ user of NSX-T Data Center.

Required for the Controller to perform lifecycle management of the Service Engines.


Update the NSX-T User Credential on the Controller when password for this user account is rotated.