Customers with the Security Admin role are unable to list virtual machines using the API GET /policy/api/v1/infra/realized-state/virtual-machines.


Article ID: 376141


Products

VMware NSX Networking
VMware NSX
VMware NSX-T Data Center

Issue/Introduction

  • A specific role (e.g. Security Admin, Guest Introspection Partner Administration) is used to access NSX for specific API calls.
  • A user with this role is unable to use the GET API to list virtual machines via /policy/api/v1/infra/realized-state/virtual-machines (ref. NSX-T Data Center REST API guide).
  • Impacted users will encounter the error message "User is not authorized to perform this operation on the application. Please contact the system administrator to get access" along with an HTTP status "FORBIDDEN".
  • The same API will run successfully for users with the Enterprise Admin role.

Environment

VMware NSX-T Data Center 
VMware NSX

Cause

The role-based access control (RBAC) feature used for this API is infra_admin, which does not grant the Security Admin role the READ permission needed for the GET /policy/api/v1/infra/realized-state/virtual-machines API.

Resolution

This is a known issue, which will be resolved in a future product release. Currently, there is no resolution.

To work around this issue, you can use one of the following options:

  • List virtual machines using the Fabric API GET /api/v1/fabric/virtual-machines (ref. NSX-T Data Center REST API guide).
  • Using the Security Admin role, users can view virtual machines in NSX UI under the "Inventory > Virtual Machines" section.
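
The first workaround can be scripted so that automation keeps running under the Security Admin role instead of being moved to Enterprise Admin. The following is an added example, not VMware code: it calls the Policy API first and switches to the Fabric API only when the manager answers 403. The "results" and "cursor" response fields, HTTP basic authentication, and the sample VM names are assumptions made for this example, and fake_security_admin_get is a constructed stand-in for a real manager.

```python
import base64, json, urllib.error, urllib.parse, urllib.request

POLICY_VMS = "/policy/api/v1/infra/realized-state/virtual-machines"
FABRIC_VMS = "/api/v1/fabric/virtual-machines"  # workaround endpoint from this article

class Forbidden(Exception):
    """The manager answered HTTP 403 (FORBIDDEN) for this path."""

def http_get(base_url, path, user, password):
    """GET one page as JSON using HTTP basic auth; TLS verification stays enabled."""
    req = urllib.request.Request(base_url + path)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 403:
            raise Forbidden(path) from err
        raise  # any other HTTP error is not an RBAC denial; do not mask it

def list_all(get, path):
    """Collect 'results' across pages, following 'cursor' (assumed response layout)."""
    items, cursor = [], None
    while True:
        query = "?cursor=" + urllib.parse.quote(cursor) if cursor else ""
        page = get(path + query)
        items.extend(page.get("results", []))
        cursor = page.get("cursor")
        if not cursor:
            return items

def list_vms(get):
    """Return (api_used, vms): Policy API first, Fabric API only after a 403."""
    try:
        return "policy", list_all(get, POLICY_VMS)
    except Forbidden:
        return "fabric", list_all(get, FABRIC_VMS)

def fake_security_admin_get(path):
    """Constructed stand-in for an NSX Manager as seen by a Security Admin user."""
    if path.startswith(POLICY_VMS):
        raise Forbidden(path)
    if path == FABRIC_VMS:
        return {"results": [{"display_name": "web-01"}], "cursor": "0001"}
    if path == FABRIC_VMS + "?cursor=0001":
        return {"results": [{"display_name": "db-01"}]}
    raise ValueError("unexpected path: " + path)
```

Against a real manager, pass list_vms a callable such as lambda p: http_get(base_url, p, user, password), where base_url and the credentials are your own values.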