You can create an NSX user having web interface access using CLI. You can use this user account to access and operate different plug-ins or use it for auditing purposes.

Procedure

  1. Create a CLI user account. You can create a CLI user account for each NSX virtual appliance. To create a CLI user account, perform the following steps:
    1. Log in to the vSphere Web Client, and select an NSX Manager virtual appliance.
    2. Click the Console tab to open a CLI session.
    3. Log in to the CLI session using the Administrator account and password that you specified while installingNSX Manager. For example,
      nsx-mgr> enable
      Password:
      nsx-mgr>
    4. Switch to Privileged mode from Basic mode using the enable command as follows:
      nsx-mgr> enable
      Password:
      nsx-mgr#
    5. Switch to Configuration mode from Privileged mode using the configure terminal command as follows:
      nsx-mgr# configure terminal
      nsx-mgr(config)#
      
    6. Add a CLI user account using the user username password (hash | plaintext) password command. For example,
      nsx-mgr(config)# user cliuser password plaintext abcd1234
      
      
      Note: User name with capital letter is not allowed .
    7. Save the configuration as follows:
      nsx-mgr(config)# write memory
      Configuration saved
      [OK]
      
  2. Now provide web interface privilege which will enable the user to login to NSX Manager virtual appliance and allows the execution of appliance management REST APIs as follows:
    1. Verify that you are in Configuration mode as follows:
      nsx-mgr# configure terminal
      nsx-mgr(config)#
      
    2. Allow the created CLI user to run the REST API calls using the user username privilege web-interface command. For example:
      nsx-mgr(config)# user userName privilege web-interface
      
      nsx-mgr(config)# user cliuser privilege web-interface
      
  3. (Optional) You can verify the running configuration as follows:
    nsx-mgr# show running-config
    Building configuration...
    
    Current configuration:
    !
    user cliuser
    !
    ntp server 192.168.110.1
    !
    ip name server 192.168.110.10
    !
    hostname nsxmgr-01a
    !
    interface mgmt
     ip address 192.168.110.15/24
    !
    ip route 0.0.0.0/0 192.168.110.1
    !
    web-manager
  4. Exit from the CLI session.
    nsx-mgr#(config)# exit
    nsx-mgr# exit
    The created user is not listed in the Networking & Security > System > Users and Domains > Users tab. Also, no role is assigned to the user.
  5. Assign the required role to the user using the REST API. You can assign auditor (Auditor), security_admin (Security Administrator), or super_user (System Administrator) role as follows:
    POST - https://<NSX-IP>/api/2.0/services/usermgmt/role/<username>?isCli=true
    <accessControlEntry>
    <role>auditor</role> # Enter the required role #
    <resource>
    <resourceId>globalroot-0</resourceId>
    </resource>
    </accessControlEntry>

Results

The NSX CLI user is created with web interface access.

What to do next

You can log in to vSphere Web Client using the credentials provided while creating the user.

For more information on CLI, refer to NSX Command Line Interface Reference.

For more information on API, refer to NSX API Guide.