Cloned Enterprise Admin Custom Roles Lack Manager Mode Privileges and Return 401 Forbidden

Article ID: 435871

Products

VMware NSX

Issue/Introduction

VMware NSX users assigned to a cloned Enterprise Admin custom role experience restricted privileges that do not match the original system role.

Symptoms include:

  • Under System > Fabric, only the Compute Manager option is visible. Transport Zones, Profiles, and other options are missing.

  • The Compute Manager settings are grayed out, preventing modifications or additions.

  • Under System > Settings, the Support Bundle option is completely missing.

  • Users interacting with the NSX API using this cloned custom role receive a 401 Forbidden error when calling management-level API endpoints.

 

Environment

VMware NSX 

Cause

This is expected behavior. Non-system users cannot be granted permissions for Manager API-based features. Any attempt to assign permissions for features required by the Management APIs automatically reverts to "None." This restriction applies to both direct permission modifications and custom roles cloned from existing system roles.

Resolution

  1. Use the built-in, default Enterprise Admin system role for any tasks requiring access to Manager mode features or Management APIs.

  2. Granting the permissions needed for Management APIs or Manager mode UI features through a custom role is not supported.

Additional Information

Custom roles can only be created for features available in the Policy mode. If you clone a role with access to features in the Manager mode, the cloned role provides access only to the Policy mode features.

Unsupported features for users with a custom role include (but are not limited to):

  • Upgrade, Migrate, Fabric, TraceFlow, Security Intelligence, and Inventory of Physical Servers and Containers
  • System > Configuration > Fabric > Profiles
  • System > Configuration > Fabric > Transport Zones
  • System > Configuration > Fabric > Settings > Tunnel/Remote and Tunnel Endpoint
  • System > Configuration > Identity Firewall AD
  • System > Lifecycle Management > Upgrade and Migrate
  • System > Settings > User Management, Support Bundle, Proxy Settings, and User Interface Settings
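
To see exactly which permissions a cloned role lost, compare its exported definition with the system role it was cloned from. The following is an added example, not code from this article or from VMware. It assumes each role is available as a JSON-style document with a "features" list of "feature"/"permission" pairs, and the feature identifiers in the sample data are constructed placeholders.

```python
# Permission levels ordered weakest to strongest (assumed ordering for this example).
RANK = {"none": 0, "read": 1, "execute": 2, "crud": 3}

def permissions(role):
    """Map feature identifier -> lower-cased permission for one role document."""
    result = {}
    for entry in role.get("features", []):
        perm = str(entry.get("permission", "none")).lower()
        if perm not in RANK:
            raise ValueError(f"unknown permission {perm!r} on {entry.get('feature')!r}")
        result[entry["feature"]] = perm
    return result

def dropped_permissions(source_role, cloned_role):
    """List (feature, source_permission, clone_permission) where the clone has less access."""
    src, clone = permissions(source_role), permissions(cloned_role)
    findings = []
    for feature in sorted(src):
        clone_perm = clone.get(feature, "none")  # absent from the clone counts as none
        if RANK[clone_perm] < RANK[src[feature]]:
            findings.append((feature, src[feature], clone_perm))
    return findings

# Constructed sample data; the feature identifiers are placeholders, not real NSX names.
SOURCE_ROLE = {
    "role": "enterprise_admin",
    "features": [
        {"feature": "policy_segments_example", "permission": "crud"},
        {"feature": "transport_zones_example", "permission": "crud"},
        {"feature": "support_bundle_example", "permission": "crud"},
        {"feature": "fabric_profiles_example", "permission": "crud"},
    ],
}
CLONED_ROLE = {
    "role": "cloned_enterprise_admin_example",
    "features": [
        {"feature": "policy_segments_example", "permission": "crud"},
        {"feature": "transport_zones_example", "permission": "None"},
        {"feature": "support_bundle_example", "permission": "none"},
        # fabric_profiles_example is deliberately missing from the clone
    ],
}

if __name__ == "__main__":
    for feature, before, after in dropped_permissions(SOURCE_ROLE, CLONED_ROLE):
        print(f"{feature}: {before} -> {after}")
```

Any feature this reports for a cloned role is one that still requires the built-in system role.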

For more details, refer to "Create or Manage Custom Roles".