You can view the principal identities that are managed by NSX Manager.

A principal can be an NSX-T component or a third-party application such as an OpenStack product. By creating an identity, a principal can use the identity name to create an object and ensure that only an entity with the same identity name can modify or delete the object. Note that an enterprise administrator can modify or delete any object. If the object was created with a principal name, a warning will indicate that. The administrator must acknowledge the warning before the operation can proceed.

A principal can create multiple identities. The combination of principal name and node ID must be unique. Different identities with the same name can access objects created with that name. Each identity has an associated permission group: read_write_api_users, read_only_api_users, or superusers.

A principal identity can only be created or deleted using the NSX-T API. For more information, see the NSX-T API Reference.


  1. From your browser, log in to an NSX Manager at https://nsx-manager-ip-address.
  2. Select System > Users from the navigation panel.
  3. Click the Principal Identities tab.