When enabling/disabling the logging for the NAT, Firewall and VPN no change is made in NSX-T

Article ID: 382832

Products

VMware Cloud Director

Issue/Introduction

  • A Tenant Organization Admin user is not able to toggle (enable or disable) Logging in the NAT, VPN, or Firewall rules under Data Centers > Networking > Edges > Edge gateway > Services.
  • When Logging is changed to Enable or Disable, no errors appear and the task succeeds in VMware Cloud Director (VCD), but no change is made in NSX-T and the value remains unchanged.
  • However, a provider Organization Administrator user is able to modify the option without issues.

Environment

VMware Cloud Director 10.x

Cause

This is a known issue impacting the Cloud Director 10.5.x UI. This issue has been resolved in 10.6.x.

In 10.6.x, users will now see the error: "Cannot configure system logging, missing right: Organization vDC Gateway: Configure System Logging"

Resolution

The user will need the permission "Configure System Logging" in order to update the logging option. Ensure this right is published from the default rights bundle, as shown below:

To publish the relevant rights and roles to the org admin for the tenant, follow the steps below:

  1. Log in to the VCD provider portal
  2. Go to Administration -> Right bundles -> Default set of tenant rights
  3. Add the right "Configure System Logging" under Networking > Edge Gateway > Manage and publish
  4. Go to Administration -> Global roles -> Organization Administrator
  5. Enable the right "Configure System Logging" and publish
  6. Refresh or re-login to the tenant portal as org admin user
  7. Check if the corresponding right is now available
  8. Try editing the firewall rule