TL-DR: See below for details on these commands
Create a local user in the NSX Manager’s CLI, then use the API to grant CLI privileges to that user.
Here’s how using a linux machine:
ssh admin@[nsxmanagerIP]
enable
config t
user vrops-readonly password plaintext notrealpassword
user vrops-readonly privilege web-interface
Log out of the NSX Manager (type exit) and stay logged into the linux machine.
Create cli-auditor.xml that contains this (replace brackets with greater/less than):
[?xml version="1.0" encoding="ISO-8859-1" ?]
[accessControlEntry]
[role]auditor[/role]
[resource]
[resourceId]globalroot-0[/resourceId]
[/resource]
[/accessControlEntry]
Add the user as an auditor in the NSX Manager as a CLI user:
curl -i -k -u 'admin:password' -H "Content-Type: application/xml" -X POST --data "@cli-auditor.xml" https://nsxmanagerip/api/2.0/services/usermgmt/role/vrops-readonly?isCli=true
Add your domain/vCenter user as an auditor in the NSX Manager (NOT as a CLI user):
curl -i -k -u 'admin:password' -H "Content-Type: application/xml" -X POST --data "@cli-auditor.xml" https://nsxmanagerip/api/2.0/services/usermgmt/role/[email protected]?isCli=false