"Access Denied" error when attempting to delete an NSX tier 0 logical router with user assigned custom role

Article ID: 401301


Products

VMware NSX

Issue/Introduction

  • A custom role is created and given Full Access to every category.
  • A user assigned this custom role is not able to delete a T0 router. When the user tries to delete the T0 router, the UI displays the error "Access Denied ERROR CODE 403".

Cause

The custom role, despite having Full Access to every category, is missing some permissions, which prevents it from deleting a T0 router.

Resolution

This is a known issue impacting VMware NSX.

Workaround:

Use pre-defined roles that allow the user to delete the T0 router. The pre-defined roles that allow deleting a T0 router are Network Admin and Network Operator.

  • Go to System in the NSX UI.
  • Go to the User Management tab.
  • Click the three dots next to the username, then click Edit.
  • Click the number under Roles.
  • Add the Network Admin and Network Operator roles and set the scope.
  • Click Apply.