VMware Networking Community
rajeevsrikant
Expert

NSX Manager - User Account

I am planning to use Power NSX to automate a few of my NSX DFW policies.

At present I have the admin account with NSX Manager.

Is there any way I can create a separate account for NSX Manager with less privilege than the Admin account, which allows only executing policies related to DFW?

I am using NSX 6.3.2.

When I checked, what I observed is that in NSX Manager it is possible to create an account which has access to the web interface.

Let me know if anyone has any inputs regarding this.

0 Kudos
10 Replies
A13x
Hot Shot

Could you not just create either a local @vsphere or assign a domain account with the Security Administrator permission? This will allow the account to have security permissions only and not have the operational permissions the enterprise or NSX admin has.

0 Kudos
rajeevsrikant
Expert

Thanks for your inputs.

But my understanding is that that will have rights to login to the vCenter with less privilege access.

But the Power NSX which I will be using uses accounts of NSX Manager. Let me know if this is feasible.

0 Kudos
rajeevsrikant
Expert

Any inputs?

0 Kudos
Floki00
Enthusiast

Hi Raj, you can create accounts via the NSX Manager and assign the roles via an API call.

VMware Knowledge Base

0 Kudos
DaleCoghlan
VMware Employee

PowerNSX allows you to connect using a local NSX Manager account OR via a vCenter/SSO account.

You can see the different connection methods with the following command:

  • Get-Help Connect-NsxServer -Examples

PS /Users/dcoghlan> get-help connect-nsxserver -examples

<< SNIP >>

    -------------------------- EXAMPLE 3 --------------------------

    PS C:\>Connect-NsxServer -vCenterServer vcenter.corp.local -username me@vsphere.local -password secret

    Connect to vCenter server vcenter.corp.local using the SSO credentials in
    -username and -password to determine the NSX server IP and return an
    appropriate connection object.

    The credentials specified in -credential are used for both vCenter connection
    (if not already established) AND SSO authentication to NSX server.

0 Kudos
A13x
Hot Shot

Please use the following KB as it details how to create a local user and assign it permissions. This user account, depending on the level of access you require, can be used for CLI.

VMware Knowledge Base

Change the role access to whatever level of access you require.

0 Kudos
rajeevsrikant
Expert

Thanks.

I understand that by creating the below account there will be an additional user with web-interface privilege.

user api_username privilege web-interface

Let me know what will be the difference between this account & the admin account.

What are the privilege differences between these accounts?

0 Kudos
A13x
Hot Shot

web-interface - assumption that this is required to access NSX via the web. The role permissions happen after, as per the KB. Each possible role has certain permissions. Auditor, for example, is read-only.

Possible roles:

super_user (System Administrator)

vshield_admin (NSX Administrator)

enterprise_admin (Enterprise Admin)

security_admin (Security Administrator)

auditor (Auditor)

0 Kudos
rajeevsrikant
Expert

Thanks.

So you mean to say that I need to create the user name & then associate it with web interface & set the privilege to security admin?

So with this privilege it will have only the access to NSX firewall policy changes?

0 Kudos
Floki00
Enthusiast

Hi Raj,

I told you this 3 weeks ago, you didn't even bother to read the posting, which is somewhat self-defeating, why should people bother!!

Hi Raj, you can create accounts via the NSX Manager and assign the roles via an API call.

VMware Knowledge Base

Clear as daylight, you can create the account you need via API call as stated in the link above and set this to security admin role which handles Firewall related stuff!!

sheeesh!!

0 Kudos
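
The role assignment the replies describe, written out with PowerNSX as an added example; it is not code from the thread, the KB or the PowerNSX project. The hostname is hypothetical, and the PowerNSX 3.x parameter names, the usermgmt endpoint and the XML element names are assumptions to check against the linked KB and the NSX 6.3 API guide.

```powershell
# Added example: give the NSX Manager CLI user from the thread the
# security_admin role, then read the assignment back before relying on it.
# Assumed (not from the thread): hostname, PowerNSX 3.x parameter names,
# the usermgmt endpoint and the XML element names.
$nsxManager = 'nsxmgr.corp.local'   # hypothetical NSX Manager FQDN
$cliUser    = 'api_username'        # created on the CLI with 'privilege web-interface'
$role       = 'security_admin'      # from the role list posted in the thread

# 1. Connect with the existing admin account. Prompting for the credential
#    keeps the password out of the command line and shell history.
Connect-NsxServer -NsxServer $nsxManager -DisableVIAutoConnect `
    -Credential (Get-Credential -Message 'NSX Manager admin') | Out-Null

try {
    # 2. Grant the role at global scope (globalroot-0).
    $body = @"
<accessControlEntry>
  <role>$role</role>
  <resource><resourceId>globalroot-0</resourceId></resource>
</accessControlEntry>
"@
    Invoke-NsxRestMethod -method post -body $body `
        -URI "/api/2.0/services/usermgmt/role/${cliUser}?isCli=true" | Out-Null

    # 3. Read the assignment back and stop if NSX Manager reports anything
    #    other than the intended role (for example a broader one left over
    #    from an earlier test).
    $entry    = Invoke-NsxRestMethod -method get `
        -URI "/api/2.0/services/usermgmt/role/${cliUser}"
    $assigned = $entry.accessControlEntry.role
    if ($assigned -ne $role) {
        throw "Expected role '$role' for $cliUser, NSX Manager reports '$assigned'"
    }
    Write-Output "$cliUser now holds role '$assigned'"
}
finally {
    # 4. Drop the admin session so later automation does not keep running as admin.
    Disconnect-NsxServer
}
```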