Global NSX-T Manager not working properly with vIDM users

Article ID: 317755


Products

VMware NSX

Issue/Introduction

Symptoms:
  • NSX-T Global Managers running 3.1.x releases.
  • vIDM users cannot properly manage NSX-T Global Managers.
  • For vIDM users, some tabs don't load and some actions are not permitted (like generating support bundles) even though these users have the Enterprise Admin Role.
  • The vIDM integration status shows as DISABLED when the UI is loaded as a vIDM user, but as "ENABLED" when logged in as the admin user.
  • In Global Manager /var/log/syslog you see lines similar to:

2023-04-19T12:03:41.523Z <mgr-hostname> NSX 3216 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO" invalid="true"] Insufficient privileges invoking GET /api/v1/cluster/backups/ui_frames by <vIDM User info> in groups '['ALL USERS', 'ESX Admins@<domain>', 'vSphere Cloud Admins - Local@<domain>']' (<base64 info>) with perms: ''

       where `perms` is expected to contain the READ/CRUD privileges that RBAC grants the user, but the value found is '' (or none).
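
One way to check a Global Manager's syslog for this symptom, as an added example that is not part of the original article: the function below counts node-mgmt denials whose perms field is empty, grouped by request. The sample lines are constructed from the excerpt above; the `<other-endpoint>` path and the non-empty perms format are assumptions.

```shell
#!/bin/sh
# Added example, not from the KB article.
# Real use on a Global Manager: empty_perms_denials < /var/log/syslog

# Constructed sample input modelled on the KB excerpt. The <other-endpoint>
# path and the non-empty perms value on the fourth line are assumptions.
sample_log() {
cat <<'EOF'
2023-04-19T12:03:41.523Z <mgr-hostname> NSX 3216 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO" invalid="true"] Insufficient privileges invoking GET /api/v1/cluster/backups/ui_frames by <vIDM User info> in groups '['ALL USERS', 'ESX Admins@<domain>']' (<base64 info>) with perms: ''
2023-04-19T12:04:10.100Z <mgr-hostname> NSX 3216 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO" invalid="true"] Insufficient privileges invoking GET /api/v1/cluster/backups/ui_frames by <vIDM User info> in groups '['ALL USERS']' (<base64 info>) with perms: ''
2023-04-19T12:04:55.731Z <mgr-hostname> NSX 3216 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO" invalid="true"] Insufficient privileges invoking GET /api/v1/<other-endpoint> by <vIDM User info> in groups '['ALL USERS']' (<base64 info>) with perms: ''
2023-04-19T12:05:02.004Z <mgr-hostname> NSX 3216 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO" invalid="true"] Insufficient privileges invoking POST /api/v1/<other-endpoint> by <vIDM User info> in groups '['ALL USERS']' (<base64 info>) with perms: 'read'
2023-04-19T12:06:00.000Z <mgr-hostname> NSX 3216 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO"] <unrelated message>
EOF
}

# Read syslog text on stdin and print "<count> <METHOD> <path>" for every
# request that node-mgmt denied with an empty perms field (perms: '').
# Denials that list any permission are ordinary RBAC decisions and are skipped.
empty_perms_denials() {
  awk -v q="'" '
    BEGIN {
      marker = "Insufficient privileges invoking "
      empty  = "with perms: " q q "[ \t]*$"   # perms: followed by two quotes
    }
    /subcomp="node-mgmt"/ && $0 ~ empty {
      i = index($0, marker)
      if (i == 0) next
      # The method and path are the first two words after the marker.
      split(substr($0, i + length(marker)), f, " ")
      count[f[1] " " f[2]]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2
}

sample_log | empty_perms_denials
```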


Environment

VMware NSX-T Data Center

Cause

The issue is caused by NAPI not having up-to-date "feature role mapping" data, which the RBAC framework makes available to NAPI.

Resolution

In NSX 3.2 and later releases, the mechanism that NAPI uses to sync the RBAC feature role mapping has changed.


Workaround:

Use the following API request to force a sync of the RBAC role mapping data. Run it locally against NAPI on port 7441:

curl -v -k -u admin -H "Content-Type:application/json" -X POST "http://127.0.0.1:7441/api/v1/node/services/node-mgmt?action=refresh_rbac"

or

Restart the node-mgmt service:

curl -v -k -u admin -H "Content-Type:application/json" -X POST "https://<nsx-mgr>/api/v1/node/services/node-mgmt?action=restart"