Can't assign new user role in NSX Manager
search cancel

Can't assign new user role in NSX Manager

book

Article ID: 325423

calendar_today

Updated On:

Products

VMware NSX Networking

Issue/Introduction

Symptoms:
When assigning a new role to a User or Group in the NSX Manager, it fails with error: Invalid Parameter(s) referencing a NSX-T Logical Switch.



NSX Manager logs: 
2019-03-25 16:36:50.313 GMT WARN http-nio-127.0.0.1-7441-exec-7 RemoteInvocationTraceInterceptor:88 - Processing of VsmHttpInvokerServiceExporter remote call resulted in fatal exception: com.vmware.vshield.vsm.usermgmt.facade.UserMgmtFacade.addUserRole InvalidParameterException: core-services:408:Invalid Parameter(s) - network-o2364.
        at com.vmware.vshield.vsm.usermgmt.utils.UserMgmtUtils.validateResource(UserMgmtUtils.java:266)
        at com.vmware.vshield.vsm.usermgmt.utils.UserMgmtUtils.validateRole(UserMgmtUtils.java:237)
        at com.vmware.vshield.vsm.usermgmt.service.UserMgmtServiceImpl.addRoleToVcUserOrGroup(UserMgmtServiceImpl.java:324)
        at com.vmware.vshield.vsm.usermgmt.service.UserMgmtServiceImpl.addVcUserRole_aroundBody24(UserMgmtServiceImpl.java:316)
        at com.vmware.vshield.vsm.usermgmt.service.UserMgmtServiceImpl$AjcClosure25.run(UserMgmtServiceImpl.java:1)
        at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
        at com.vmware.vshield.vsm.aspects.security.VsmSecuredAspect.secureCheck(VsmSecuredAspect.java:134)
        at com.vmware.vshield.vsm.aspects.security.VsmSecuredAspect.ajc$inlineAccessMethod$com_vmware_vshield_vsm_aspects_security_VsmSecuredAspect$com_vmware_vshield_vsm_aspects_security_VsmSecuredAspect$secureCheck(VsmSecuredAspect.java:1)
        at com.vmware.vshield.vsm.aspects.security.VsmSecuredAspect.secure(VsmSecuredAspect.java:66)
        at com.vmware.vshield.vsm.usermgmt.service.UserMgmtServiceImpl.addVcUserRole_aroundBody26(UserMgmtServiceImpl.java:315)
        at com.vmware.vshield.vsm.usermgmt.service.UserMgmtServiceImpl$AjcClosure27.run(UserMgmtServiceImpl.java:1)
        at org.springframework.transaction.aspectj.AbstractTransactionAspect.ajc$around$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96cproceed(AbstractTransactionAspect.aj:66)
        at org.springframework.transaction.aspectj.AbstractTransactionAspect$AbstractTransactionAspect$1.proceedWithInvocation(AbstractTransactionAspect.aj:72)
        at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
        at org.springframework.transaction.aspectj.AbstractTransactionAspect.ajc$around$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96c(AbstractTransactionAspect.aj:70)

This issue only affects the following roles:
  • Security Engineers
  • Security Administrator
  • Auditor


Cause

This issue happens when NSX for vSphere and NSX-T are linked to the same vCenter.
The NSX-T logical switches information are coming to NSX-V through the Inventory Service.
Resources are validated during user role assignment. NSX-T logical switches cause resource validation failure. Resulting in a user role assignment failure.

Resolution

This issue is fixed in NSX 6.4.6.

Workaround:
To work around this issue if you do not want to upgrade, file a support request with VMware Support and note this Knowledge Base article ID (67867) in the problem description.

Powered by Wolken Software