/var/log/gmanager/gmanager.log
on Global ManagerSearch attempt log using a Domain user:
2024-06-05T02:49:42.711Z INFO http-nio-127.0.0.1-64440-exec-80 RuleQueryBuilder 3977669 - [nsx@6876 comp="global-manager" level="INFO" reqId="6fa1569c-b7e0-490f-b911-2d7ad0cd630f" subcomp="global-manager" username="<[email protected]>"] updateRuleQueryForGroupingObjects groupingObjFilter FirewallFilterDto{filterColumn='SOURCE', filterValue='[10.0.0.0]', filterObjectType='IP', caseSensitive='false'} and firewallType Optional[SecurityPolicy]
Search operation failed:
2024-06-05T02:49:42.716Z ERROR RuleQueryBuilder-46-1 UserInfoUtil 3977669 SYSTEM [nsx@6876 comp="global-manager" errorCode="MP401" level="ERROR" subcomp="global-manager"] User <[email protected]> with groups [] and incoming roles null is not authorized to access API with rbac_feature policy_grouping having required_permission read.
VMware NSX 4.1.x
Permission evaluation fails during IP address/VM name search operations on Global Manager.
Currently there is no resolution of this issue. Fix for this issue will be present on a future NSX release.
Workaround
Users can utilize the site-switcher from Global Manager UI to navigate to the individual Local Managers and search on the DFW page of the Local Manager directly. Alternatively, local user "admin" on Global Manager can be used to perform this search operation successfully.