NSX-T 2.4.0/2.4.1 vIDM user permission issues on the NSX-T Web UI
Article ID: 322590
Updated On:
Products
VMware NSX Networking
Issue/Introduction
Symptoms:
On NSX-T Datacenter 2.4.0
- vIDM User with Enterprise Admin privileges can create objects on the new Simplified UI but cannot Edit or Delete these objects
- vIDM User has fully working permissions on the Advanced UI
- The vIDM user observing the issue has been granted NSX permissions via a group and not directly to the user
On NSX-T Datacenter 2.4.1
- An error appears on the Homepage of the NSX Web Client
"User is not authorized to perform this operation on the application. Please contact the system administrator to get access."
- Configuration Overview on the Networking, Security and Inventory tabs all show "Loading..." but do not load
- Tools, System and Advanced Networking & Security pages all load ok
- The vIDM user observing the issue has been granted NSX permissions via a group and not directly to the user
- Note: In some cases this issue is observed for users who have been granted NSX permissions by direct role assignment. See Workaround section.
On NSX-T Datacenter 2.4.0
- vIDM User with Enterprise Admin privileges can create objects on the new Simplified UI but cannot Edit or Delete these objects
- vIDM User has fully working permissions on the Advanced UI
- The vIDM user observing the issue has been granted NSX permissions via a group and not directly to the user
On NSX-T Datacenter 2.4.1
- An error appears on the Homepage of the NSX Web Client
"User is not authorized to perform this operation on the application. Please contact the system administrator to get access."
- Configuration Overview on the Networking, Security and Inventory tabs all show "Loading..." but do not load
- Tools, System and Advanced Networking & Security pages all load ok
- The vIDM user observing the issue has been granted NSX permissions via a group and not directly to the user
- Note: In some cases this issue is observed for users who have been granted NSX permissions by direct role assignment. See Workaround section.
Environment
VMware NSX-T Data Center 2.x
VMware NSX-T Data Center
VMware NSX-T Data Center
Cause
In NSX-T Data Center 2.4.0 and 2.4.1 the cause of the issue has been identified as a problem when assigning vIDM user permissions via group assignment.
In NSX-T Data Center 2.4.1 the additional issue seen for direct user role assignment is caused by an internal software issue.
In NSX-T Data Center 2.4.1 the additional issue seen for direct user role assignment is caused by an internal software issue.
Resolution
This issue is resolved in NSX-T 2.4.2, available at VMware downloads.
Workaround:
Assign NSX permissions to a vIDM user directly and not via Group assignment.
On NSX-T 2.4.1, in some cases it has been observed the workaround of assigning a role directly to a user is not successful. If you are experiencing this issue, please open a Support Request with VMware referencing this KB and an alternative workaround can be applied.
Workaround:
Assign NSX permissions to a vIDM user directly and not via Group assignment.
On NSX-T 2.4.1, in some cases it has been observed the workaround of assigning a role directly to a user is not successful. If you are experiencing this issue, please open a Support Request with VMware referencing this KB and an alternative workaround can be applied.
Feedback
Yes
No
Powered by
