User with custom role is unexpectedly logged out from NSX UI

Article ID: 323543

Products

VMware NSX Networking

Issue/Introduction

Symptoms:
  • NSX Data Center
  • A user (local/LDAP/VIDM) is set up with a custom role.
  • The custom role is set with full access (crud) permission on "Networking - Connectivity - Tier-1 Gateways".
  • The other permissions are read-only (read).
  • When this user attempts to delete the Tier-1 gateway, they get logged out with:
  [Screenshot: image.png]
 


Environment

VMware NSX-T Data Center

Cause

This is a known issue impacting NSX 4.0.x and 4.1.x.
When a Tier-1 gateway is created, its security configuration is also created, and the user needs an additional permission to delete it.

Resolution

This is resolved in NSX 4.2.

Workaround:
The permission required to modify the security configuration is full access (crud) on policy_edge_security_settings. This permission needs to be added to the custom role to allow deletion of the Tier-1 gateway.
This is configurable in the "User Management" section, under "Set Permissions": Security -> Settings -> Gateway Security Settings -> Full Access.

Additional Information

Impact/Risks:
The user may be unable to delete a Tier-1 gateway.
When deletion is attempted, the user gets logged out of the NSX UI.