How to Create a Custom Role-Based User in VMware NSX.

Article ID: 410967

Products

VMware NSX

Issue/Introduction

A custom role-based user is a critical security feature that ensures users only have the permissions necessary to perform their job functions. While VMware NSX provides several predefined roles (e.g., Enterprise Admin, Network Admin, Security Admin), these may not always align with the exact operational requirements of an organization.

Creating custom roles allows administrators to define granular access rights, adhering to the principle of least privilege. This enhances security by minimizing potential exposure, facilitates compliance requirements, and provides a clear separation of duties among different IT teams (e.g., a "Firewall Viewer" role for monitoring, or a "Segment Administrator" role for managing network segments). This article outlines the steps to create such a custom role and assign it to a user in NSX.

Environment

VMware NSX

Resolution

The process involves two main stages: first, defining the custom role and its permissions, and second, assigning that role to a specific user or group.

Creating a Custom Role

  1. Log in to NSX Manager:

    • Open your web browser and navigate to the NSX Manager UI (e.g., https://<nsx-manager-ip-or-fqdn>).
    • Log in with an account that has administrative privileges (e.g., admin or an Enterprise Admin user).
  2. Navigate to User & Role Management:

    • In the NSX Manager UI, go to System > Users and Roles > Roles.
  3. Add Custom Role:

    • Click the ADD ROLE button.
  4. Define Role Details:

    • Name: Enter a unique and descriptive name for your custom role (e.g., DFW_ReadOnly_Viewer, Segment_Manager_and_DHCP_Config).
    • Description: Provide a clear explanation of the role's purpose and the types of operations it allows. This is crucial for documentation and future auditing.
  5. Configure Permissions:

    • This is the most critical step. You will select the specific operations this role can perform. Permissions are organized into categories (e.g., Networking, Security, Inventory, Policy, System).
    • Expand Categories: Click the arrow next to a category to expand its list of objects and actions.
    • Select Permissions: For each object type, you can select different permission levels:
      • Read: Allows viewing of the object and its configuration, but no modifications.
      • Read/Write: Allows viewing and modifying the object, but typically not creation or deletion (this can vary slightly depending on the specific object).
      • Manage: Generally grants full Create, Read, Update, and Delete (CRUD) permissions for that object type.
    • Example: creating a "User Management" role:
      • Expand System > Setting > User Management.
      • Select Full Access for User Management and Read Only for all other categories.

  6. Save the Role:

    • Once all desired permissions are selected, click SAVE.
    • The new custom role will appear in the "Roles" list.

Assigning the Custom Role to a User

  1. Navigate to Users:

    • Go to System > Users and Roles > Users.
  2. Add User (or Edit Existing):

    • For a New Local User:

      • Click ADD USER.
      • Username: Enter the desired username (for example, Test).
      • Click the three-dot menu next to the new user and select Activate User.
      • Type: select Password and set the desired password for the user.
      • In the "User Role Assignment" section, the newly created user "Test" is listed.
      • Edit the "Test" user, click Roles, and choose Add Role; the drop-down menu lists the custom role created in the steps above.
      • Click Add, then Apply, to assign the role.
      • The user "Test" now shows the assigned custom role.

    • For an Existing Local User:

      • Select the user from the list and click EDIT.
      • In the "Role Assignment" section, click ADD ROLE ASSIGNMENT.
      • Follow the steps above to assign the custom role.

Verification

  1. Log Out: Log out from the NSX Manager UI with the administrative account.
  2. Log In with the New User:
    • Log in to the NSX Manager UI using the credentials of the user you just configured with the custom role.
  3. Test Permissions:
    • Navigate through the UI and attempt to access areas and perform operations that the custom role should have access to. Confirm that these are available and functional.
    • Attempt to access areas or perform operations that the custom role should NOT have access to. These actions should be blocked, result in an error message, or have the corresponding UI elements grayed out/hidden.
    • Ensure the user's view and capabilities are precisely what was intended by the custom role definition.
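As an added example (not from this article or from NSX itself), the permission check in the Verification section can be complemented by checking the saved role definition and the user's role bindings offline, for instance after exporting them from NSX Manager. The object shapes, feature ids and role ids below are assumed or constructed placeholders; the check flags any feature granted more than read-only apart from the ones the role is meant to manage, and any extra role bound to the user.

```python
from typing import Dict, List

# NSX feature permission levels, lowest to highest privilege.
RANK = {"none": 0, "read": 1, "execute": 2, "crud": 3}

def excess_permissions(role: dict, intended: Dict[str, str], default: str = "read") -> List[str]:
    """Report each feature whose granted permission exceeds the intended one.
    `role` is assumed to be {"features": [{"feature": id, "permission": level}]};
    features not listed in `intended` may not exceed `default` (read-only)."""
    findings = []
    for entry in role.get("features", []):
        feature = entry["feature"]
        granted = entry["permission"].lower()
        allowed = intended.get(feature, default).lower()
        if RANK[granted] > RANK[allowed]:
            findings.append(f"{feature}: granted {granted}, intended {allowed}")
    return findings

def unexpected_roles(binding: dict, allowed_roles: set) -> List[str]:
    """Return role ids bound to the user that are not in `allowed_roles`.
    `binding` is assumed to look like {"name": user, "roles": [{"role": id}]}."""
    return [r["role"] for r in binding.get("roles", []) if r["role"] not in allowed_roles]

# Constructed sample data; feature ids are placeholders, not real NSX feature ids.
SAMPLE_ROLE = {
    "role": "custom_user_mgmt",
    "features": [
        {"feature": "system_user_management", "permission": "crud"},
        {"feature": "networking_segments", "permission": "read"},
        {"feature": "security_dfw_rules", "permission": "crud"},  # write not intended
        {"feature": "system_backup", "permission": "none"},
    ],
}
INTENDED = {"system_user_management": "crud"}  # full access only here
SAMPLE_BINDING = {"name": "Test", "type": "local_user",
                  "roles": [{"role": "custom_user_mgmt"}, {"role": "enterprise_admin"}]}

if __name__ == "__main__":
    for line in excess_permissions(SAMPLE_ROLE, INTENDED):
        print("excess permission:", line)
    for role in unexpected_roles(SAMPLE_BINDING, {"custom_user_mgmt"}):
        print("unexpected role binding:", role)
```

Any line printed by the script means the saved role or binding is broader than the definition intended and should be corrected before the user is handed over.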

Additional Information

For more information on users and roles, refer to the NSX documentation: Users and Roles