This article provides a workaround for users who want to create GRE tunnels via API call using non-admin accounts.
Symptoms:
- Non-admin users cannot create GRE tunnels via API call.
- The API call fails with the following error:
"User is not authorized to access object edge-Id and feature edge.tunnel, please check object access scope and feature permissions for the user."
In vsm.log on the NSX Manager, you will see log entries similar to the following:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2020-03-26 16:04:13.894 GMT ERROR http-nio-127.0.0.1-7441-exec-14 BaseRestController:521 - - [nsxv@6876 comp="nsx-manager" level="ERROR" subcomp="manager"] REST API failed : 'User is not authorized to access object edge-3 and feature edge.tunnel, please check object access scope and feature permissions for the user.'
com.vmware.vshield.vsm.exceptions.AccessDeniedException: null
    at com.vmware.vshield.vsm.aspects.security.VsmSecuredAspect.secureCheck(VsmSecuredAspect.java:130) ~[vsm-core-1.0.jar:?]
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
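To see which edge objects and features the non-admin account is being denied, the vsm.log entries above can be summarized with a short script. This is an added example, not part of the original article or any VMware tooling; the function names are hypothetical, and every sample entry except the first is constructed in the format shown above.

```python
import re
from collections import Counter

# A log entry starts with a timestamp; stack-trace and wrapped lines do not.
ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} ")
DENIED = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) ERROR .*?REST API failed : 'User is not authorized "
    r"to access object (?P<object>\S+) and feature (?P<feature>[\w.]+),"
)

def parse_denials(text):
    """Return one dict (ts, object, feature) per authorization failure."""
    entries, current = [], []
    for line in text.splitlines():
        if ENTRY_START.match(line):
            if current:
                entries.append(" ".join(current))
            current = [line.strip()]
        elif current:
            # Continuation (wrapped message or stack trace): fold into the entry.
            current.append(line.strip())
    if current:
        entries.append(" ".join(current))
    return [m.groupdict() for m in map(DENIED.match, entries) if m]

def summarize(hits):
    """Count denials per (object, feature) pair."""
    return Counter((h["object"], h["feature"]) for h in hits)

# Constructed sample input; only the first entry is taken from the article.
PREFIX = ('GMT ERROR http-nio-127.0.0.1-7441-exec-14 BaseRestController:521 - - '
          '[nsxv@6876 comp="nsx-manager" level="ERROR" subcomp="manager"] REST API failed : ')
MSG = ("'User is not authorized to access object {obj} and feature edge.tunnel, please "
       "check object access scope and feature permissions for the user.'")
TRACE = "com.vmware.vshield.vsm.exceptions.AccessDeniedException: null"
SAMPLE_LOG = "\n".join([
    "2020-03-26 16:04:13.894 " + PREFIX + MSG.format(obj="edge-3"), TRACE,
    # Same message wrapped after "is not", as some log viewers display it.
    "2020-03-26 16:09:40.120 " + PREFIX
    + MSG.format(obj="edge-3").replace("is not ", "is not\n"), TRACE,
    "2020-03-26 16:11:02.557 " + PREFIX + MSG.format(obj="edge-9"), TRACE,
    "2020-03-26 16:11:03.000 GMT INFO constructed-thread Constructed:1 - - unrelated entry",
])

if __name__ == "__main__":
    for (obj, feature), n in summarize(parse_denials(SAMPLE_LOG)).items():
        print(f"{obj}\t{feature}\t{n}")
```

To run it against a real log, pass the contents of vsm.log to `parse_denials` in place of `SAMPLE_LOG`.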