Use the instructions in this documentation to add user role assignments for an NSX VPC from the User Management page.

The User Management page is available only to the Enterprise Admin. The Project Admin and VPC Admin cannot use this page, even if an Enterprise Admin has granted them permission to make user role assignments.

The following procedure explains how to add role assignments in NSX VPCs for local user accounts and LDAP user accounts. The steps to add role assignments for vIDM and OpenID Connect user accounts are nearly the same, and are therefore not covered in this procedure.

Prerequisites

User accounts are created. For example:
  • Local user accounts are added in the system and they are activated.
  • NSX Manager is configured to authenticate users from any of these identity management providers:
    • VMware Identity Manager (vIDM)
    • LDAP-based directory service, for example, Active Directory.
    • OpenID Connect (starting in NSX 4.1.2)

Procedure

  1. From your browser, log in to an NSX Manager at https://nsx-manager-ip-address.
  2. Navigate to System > User Management.
    The User Role Assignment tab is displayed.
  3. To add role assignments in NSX VPCs for a local user account, do these steps:
    1. Next to the local user account name, click the Actions menu, and then click Edit.
    2. Click the link under the Roles column.
      The Set Roles/Scope dialog box opens.
    3. Click Add Role, and then select any one of these roles to assign to the local user:
      • VPC Admin
      • Network Admin
      • Security Admin
      • Network Operator
      • Security Operator
    4. Under the Scope column, click Set.

      You can set the scope to one or more NSX VPCs.

    5. Click Add, and then click Apply.
    6. Click Apply again to close the Set Roles/Scope dialog box.
    7. Click Save to save the role assignment.
  4. To add role assignments in NSX VPCs for an LDAP user account, do these steps:
    1. Ensure that you are in the User Role Assignment tab.
    2. Click Add Role for LDAP User.

      [Screen capture: the Add Role for LDAP User button is highlighted on the User Role Assignment page.]

      If you have configured NSX Manager to authenticate users from all supported identity service providers (LDAP, vIDM, and OpenID Connect), the button caption is as shown in the following screen capture.

      [Screen capture: the Add Role for Providers button is highlighted on the User Role Assignment page.]
    3. Select a domain from the drop-down menu.
    4. Enter the first few characters of the user or group name.

      The system displays a list of matching user or group names. Select a user or a group name from the list.

    5. Under the Roles column, click Set.
      The Set Roles/Scope dialog box opens.
    6. Click Add Role and follow the same process, as explained in steps 3(c) through 3(e), to assign roles to the LDAP user in the NSX VPC.