Configure Service Account Permissions for the VMware Aria Automation to NSX Integration on the VI Workload Domain NSX Manager Cluster for Private Cloud Automation

To provide the necessary privileges and permissions to the service account for the VMware Aria Automation to NSX integration, you assign the Enterprise administrator role in the VI workload domain NSX Manager cluster to the integration account.

Note: For an environment with NSX Federation, you configure the service account permissions on the VI workload domain NSX Local Manager clusters.

UI Procedure

Log in to the NSX Manager cluster for the VI workload domain at https://<vi_workload_nsx_manager_fqdn>/login.jsp?local=true as admin.
On the main navigation bar, click System.
In the left pane, select Settings > User management.
For VMware Cloud Foundation 4.x, on the User role assignment tab, from the Add drop-down menu, select Role assignment for LDAP.
For VMware Cloud Foundation 5.x, on the User role assignment tab, from the Add role for providers drop-down menu, select LDAP.
In the Search user/user group text box, enter the service account for the VMware Aria Automation to NSX Integration according to your VMware Cloud Foundation Planning and Preparation Workbook.
For VMware Cloud Foundation 4.x, from the Select roles drop-down menu, select Enterprise admin and click Save.
For VMware Cloud Foundation 5.x, add the Enterprise admin role to the service account.
1. In the Roles column, click Set.
  The Set roles / scope dialog box opens.
2. Click Add role and, from the Select role drop-down menu, select Enterprise admin.
3. Click Add and click Apply.
4. Click Save.
Repeat the procedure for each VI workload domain NSX Manager cluster.

PowerShell Procedure

Start PowerShell.

Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$sddcManagerUser = "[email protected]"
$sddcManagerPass = "VMw@re1!"

$sddcDomainName = "sfo-w01"

$nsxAssemblerUser = "[email protected]"

Perform the configuration by running the command in the PowerShell console.

Add-NsxtLdapRole -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $sddcDomainName -type user -principal $nsxAssemblerUser -role enterprise_admin