Cannot add/delete a NSX Manager CLI user

Article ID: 325732

Products

VMware NSX Networking

Issue/Introduction

Symptoms:
  • Unable to delete an existing NSX CLI user.

    nsx-mgr(config)# no user user1
    ERROR: Could not delete user: user1
     
  • Unable to add the NSX CLI user.

    nsx-mgr(config)# user user1 password plaintext abcd1234
    Failed to add user. Note: You cannot use this command to change the passwd of an existing user.
    ERROR: could not add user:user1

Cause:

This issue occurs when the user has been assigned the web-interface privilege.


Environment

VMware NSX for vSphere 6.2.x
VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.1.x
VMware NSX for vSphere 6.3.x

Resolution

To resolve this:

  1. Negate the privilege given to the user.

    nsx-mgr(config)# no user user1 privilege web-interface
     
  2. Delete the user.
    nsx-mgr(config)# no user user1
     
  3. Add the user with proper credentials.
    nsx-mgr(config)# user user1 password plaintext abcd1234
     
  4. If you are unable to view the NSX CLI user from NSX Manager > Manage > Users, run the POST API call to assign an NSX role to the CLI user:

    URL: https://nsxm-ip/api/2.0/services/usermgmt/role/user1?isCli=true
    Body:

    <accessControlEntry>
    <role>new_role</role>
    <resource>
    <resourceId>resource-num</resourceId>
    ...
    </resource>
    </accessControlEntry>

    Note: Possible roles are super_user, vshield_admin, enterprise_admin, security_admin, and auditor.
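The request from step 4, as an added example that is not part of the original article or VMware's own code: it builds the POST without sending it, rejects any role outside the list in the note, and encodes the user name and resource ID so neither can alter the URL or the XML. The function names and the `Content-Type: application/xml` header are assumptions, the elements the article elides with `...` are not reproduced, and authentication and sending are left to the caller.

```python
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import quote

# Roles listed in the article's note; anything else is rejected before a request is built.
ALLOWED_ROLES = {"super_user", "vshield_admin", "enterprise_admin",
                 "security_admin", "auditor"}


def build_role_body(role, resource_id):
    """Return the <accessControlEntry> XML body as bytes (hypothetical helper)."""
    if role not in ALLOWED_ROLES:
        raise ValueError(f"unknown NSX role: {role!r}")
    ace = ET.Element("accessControlEntry")
    ET.SubElement(ace, "role").text = role
    resource = ET.SubElement(ace, "resource")
    # ElementTree escapes the text, so the value cannot break the XML structure.
    ET.SubElement(resource, "resourceId").text = resource_id
    # Elements the article elides with "..." are not reproduced here.
    return ET.tostring(ace)


def build_role_request(host, cli_user, role, resource_id):
    """Build (but do not send) the POST that assigns an NSX role to a CLI user."""
    # Percent-encode the user name so it stays a single path segment.
    url = (f"https://{host}/api/2.0/services/usermgmt/role/"
           f"{quote(cli_user, safe='')}?isCli=true")
    return urllib.request.Request(
        url,
        data=build_role_body(role, resource_id),
        method="POST",
        # Assumption: the API expects an XML content type.
        headers={"Content-Type": "application/xml"},
    )


if __name__ == "__main__":
    # Constructed sample values: the article's own placeholders.
    req = build_role_request("nsxm-ip", "user1", "auditor", "resource-num")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```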

 

For more information on the API, see the NSX API guide:

NSX 6.2 API guide

NSX 6.3 API guide