Each NSX-T Data Center appliance has four local accounts; admin, audit, and two local guest user accounts. To administer NSX Manager, you must log in as admin.
The admin account is activated after installation; all other accounts require activation including the audit account.
- By default, these two user accounts are not activated. The guestuser1 and guestuser2 accounts have the Auditor role. The cloud_admin and cloud_audit accounts have the Cloud Admin and Cloud Operator roles, respectively. You can change their role assignments.
- Role assignment changes are allowed for the guest users.
- Local user account passwords can be reset by admin or the account owners.
- No additional users can be created. You cannot delete the default users, only deactivate the audit and guest user accounts.
An NSX-T Data Center appliance also has the root user account. You cannot log in to the NSX-T Data Center Manager UI as root, and you cannot manage this account through the NSX-T Data Center Manager UI. The root user can log in to an appliance through the CLI, but cannot use the NSX-T Data Center CLI commands. The root user account cannot be renamed, deactivated, or deleted.
The root user has special privileges. You must not log in to an NSX-T Data Center appliance as root and make changes that are not documented in this guide, except when under the guidance of VMware. Changes made by the root user can cause catastrophic failures. In a production environment, the root password should be secured and made available for privileged access only.
For details on how to manage your local user accounts, including password reset and deactivating users, see Manage Local User Accounts. For additional security-related information about the NSX Manager, see the section "Security" in NSX Manager.
