I am running vRA 7.0 with NSX 6.2.4.
Users are unable to request blueprints that contain vRA created NSX networks. vRA admins can successfully deploy VMs from the same blueprint.
The user request fails with the following error.
Request [cfa66fb7-8fae-4f65-90a0-7252b018473c]: System exception.; HTTP/1.1 403 Forbidden : <?xml version="1.0" encoding="utf-8"?><m:error xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"><m:code /><m:message xml:lang="en-US">Access denied (XXXXXXXXXXXXXXXXXXXX). Entity AddressGroup</m:message><m:innererror><m:message>Exception has been thrown by the target of an invocation.</m:message><m:type>System.Reflection.TargetInvocationException</m:type><m:stacktrace> at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
 at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
 at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
 at System.Data.Services.DataServiceConfiguration.ComposeResourceContainer(IDataService service, ResourceSetWrapper container, Expression queryExpression)</m:stacktrace><m:internalexception><m:message>Access denied (xxxxxxxxxxxxxxxxxxxxxxx). Entity AddressGroup</m:message><m:type>System.Data.Services.DataServiceException</m:type><m:stacktrace> at DynamicOps.Repository.Runtime.ServiceModel.Data.RepositoryDataService`2.InternalOnQueryEntity[TEntity](Int32 entityId)</m:stacktrace></m:internalexception></m:innererror></m:error>
I see the following error in the catalina.out log.
2017-01-19 14:55:45,463 vcac: [component="cafe:iaas-proxy" priority="ERROR" thread="tomcat-http--42" tenant="studenttestvdc" context="pG0M4x81" token="z6TRzp6S"] com.vmware.vcac.iaas.controller.CompositionCallbackController.allocateComponent:95 - AllocateComponent failed for request [Composition RequestId: [null], CompTypeId: [Infrastructure.Network.Gateway.NSX.Edge], BlueprintId: [comp204], CompId: [NSX Edge], BlueprintRequestId: [2a53eadd-a046-4311-94c0-f818f0d3083e], SubtenantId: [79fc3c80-b53d-4651-b546-550e9776e0bd]]
Any idea what permissions my users maybe lacking?
I should add, the users with this issue are entitled to the catalog item. If I recreate the a new catalog item and leave out the automated routed network, the request complete successfully.