"User is not authorized to perform this operation on the application" received when using NSX API to update tags

Article ID: 399756


Products

VMware NSX

Issue/Introduction

  • A custom role has been cloned from the Enterprise Admin role, with the same privileges as Enterprise Admin.
  • The role has been assigned to either a remote user or a local user.
  • API calls using the custom role fail with a 403 HTTP response code.
  • The API contains api/v1/fabric in the path, such as /api/v1/fabric/virtual-machines?action=update_tags.
  • In the NSX Manager log /var/log/syslog, the following error is seen:

NSX 101522 SYSTEM [nsx@6876 audit="true" comp="nsx-manager" level="INFO" subcomp="cm-inventory"] UserName:'################' ModuleName:'common-services' Operation:'POST@/api/v1/fabric/virtual-machines' Operation status: 'failure' Error: User is not authorized to perform this operation on the application. Please contact the system administrator to get access.

Cause

Management Plane (MP) mode is being deprecated, and it is advised to use Policy API calls instead. In addition, certain internal features do not work with custom roles, such as any API beginning with /api/v1/fabric/.

Note: Policy API calls begin with /policy/ and Management Plane (MP) API calls begin with /api/.
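
To find which accounts and calls are affected, the audit entry shown above can be matched in /var/log/syslog. The following Python script is an added example, not Broadcom code; its sample log lines are constructed from the entry in this article, and the user names, the 'success' status value and the Policy API line are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the audit entry quoted in this article.
# User names, the 'success' status and the Policy API line are made up.
_PFX = 'NSX 101522 SYSTEM [nsx@6876 audit="true" comp="nsx-manager" level="INFO" subcomp="cm-inventory"] '
SAMPLE_SYSLOG = "\n".join([
    _PFX + "UserName:'tag-operator' ModuleName:'common-services' "
           "Operation:'POST@/api/v1/fabric/virtual-machines' Operation status: 'failure' "
           "Error: User is not authorized to perform this operation on the application. "
           "Please contact the system administrator to get access.",
    _PFX + "UserName:'tag-operator' ModuleName:'common-services' "
           "Operation:'POST@/policy/api/v1/infra/realized-state/virtual-machines/vm-example/tags' "
           "Operation status: 'success'",
    _PFX + "UserName:'admin' ModuleName:'common-services' "
           "Operation:'POST@/api/v1/fabric/virtual-machines' Operation status: 'success'",
    'NSX 101522 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO"] unrelated non-audit message',
])

FABRIC_PREFIX = "/api/v1/fabric/"           # MP paths that do not work with custom roles
DENIED_TEXT = "User is not authorized to perform this operation"

AUDIT_RE = re.compile(
    r"UserName:'(?P<user>[^']*)'.*?"
    r"Operation:'(?P<method>[A-Z]+)@(?P<path>[^']*)'\s+"
    r"Operation status:\s*'(?P<status>[^']*)'"
    r"(?:\s+Error:\s*(?P<error>.*))?"
)

def denied_fabric_calls(log_text):
    """Return {user: ['METHOD path', ...]} for MP fabric calls denied with the article's error."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        if 'audit="true"' not in line:      # only audit entries carry the fields we parse
            continue
        m = AUDIT_RE.search(line)
        if not m:
            continue
        denied = m["status"] == "failure" and DENIED_TEXT in (m["error"] or "")
        if denied and m["path"].startswith(FABRIC_PREFIX):
            hits[m["user"]].add(f'{m["method"]} {m["path"]}')
    return {user: sorted(calls) for user, calls in hits.items()}

if __name__ == "__main__":
    for user, calls in denied_fabric_calls(SAMPLE_SYSLOG).items():
        for call in calls:
            print(f"{user}: {call} denied; switch this caller to a /policy/ API")
```

Each account it reports is a candidate for moving to the Policy API calls listed under Resolution.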

Resolution

Use an appropriate Policy API call when using a custom role.

For example, for the MP API call: /api/v1/fabric/virtual-machines?action=update_tags

Either of the following Policy APIs can be used:

/policy/api/v1/infra/realized-state/virtual-machines/{virtual-machine-id}/tags

/policy/api/v1/infra/realized-state/virtual-machines/<vm-id>/tags?enforcement_point_path=/infra/sites/default/enforcement-points/default

Note: See the API guide NSX-T Data Center REST API for details on how to use these API calls.

Additional Information

If you are contacting Broadcom support about this issue, please provide the following:

  • NSX Manager support bundles.
  • Text of any error messages seen in NSX GUI or command lines pertinent to the investigation.

Handling Log Bundles for offline review with Broadcom support: