Could you not just create either a local @vsphere or assign a domain account with the Security Administrator permission. this will allow the account to have security permissions only and not have the operational permissions the enterprise or nsx admin has
Thnx for your inputs.
But my understanding is that that will have rights to login to the vCenter with less privilege access.
But the Power NSX which I will be using accounts of NSX Manager. Let me know if this is feasible.
Any inputs ?
PowerNSX allows you to connect using a local NSX Manager account OR via a vCenter/SSO account.
You can see the different connection methods with the following command:
- Get-Help Connect-NsxServer -Examples
PS /Users/dcoghlan> get-help connect-nsxserver -examples
<< SNIP >>
-------------------------- EXAMPLE 3 --------------------------
PS C:\>Connect-NsxServer -vCenterServer vcenter.corp.local -username firstname.lastname@example.org -password secret
Connect to vCenter server vcenter.corp.local using the SSO credentials in
-username and -password to determine the NSX server IP and return an
appropriate connection object.
The credentials specified in -credential are used for both vCenter connection
(if not already established) AND SSO authentication to NSX server.
Please use the following KB as it details how to create a local user and assign it permissions. This user account depending on the level of access you require can be used for cli
Change the role access to whatever level of access you require
I understand that by creating the below account there will be additional user with web-interface privilege.
user api_username privilege web-interface
Let me know what will be the difference between this account & the admin account.
what are the privilege difference between these accounts.
web-interface - assumption that this is required to access nsx via the web. The role permissions happen after as per the KB. Each possible role has certain permissions. auditor for example is readonly
So you mean to say that I need to create the user name & then associate the with web interface & set the privilege to security admin
So with this privilege it will have only the access to NSX firewall policy changes ?
I told you this 3 weeks ago, you didn't even bother to read the posting, which is somewhat self defeating, why should people bother!!
Hi Raj, you can create accounts via the NSX Manager and assign the roles viaa API call.
Clear as daylight, you can create the account you need via API call as stated in the link above and set this to security admin role which handles Firewall related stuff!!