0 Replies Latest reply on Aug 20, 2018 12:16 AM by abhishekdubey

    Group level roles not propagating to user

    abhishekdubey Enthusiast

      We are implementing RBAC in our plugin, where I am using vSphere 6.5 and accessing roles from the APIs instead of the UI.

      I have a user group with an admin role assigned to it in my vCenter.

      I have added a user to this user group; however, the admin role is not getting propagated to the user. Instead, the admin role has to be assigned to this user individually in order for it to be reflected.



      Is this behavior expected, or am I missing a step in between?

      I am using the VMware API retrieveEntityPermissions to retrieve the permission list as follows:

      permissionList = vmConnection.getVimPort().retrieveEntityPermissions(vmConnection.getServiceContent().getAuthorizationManager(), mobEntity, true);


      In the permissionList response, I am checking the principal field against my logged-in user ID to filter and retrieve the permission, as follows in debug mode.

      The above code works fine as long as the role is assigned to the user individually. When I removed the role from the user and assigned it to a group, as explained in the query, it does not work.

      I am not getting a permissionList containing a principal field matching my logged-in user.
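
An added example, not part of the original post and not VMware's code: each vim25 `Permission` entry carries a `principal` name and a `group` flag, so a role assigned to a group is listed under the group's name and a filter on the user ID alone skips it. The `Perm` record, the `matchingRoleIds` helper, the sample names and role ids, the caller-supplied set of group memberships, and the case-insensitive name comparison are all assumptions made for illustration.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.TreeSet;
import java.util.stream.Collectors;

public class PrincipalMatch {
    // Stand-in (Java 16+ record) for the vim25 Permission fields used here:
    // getPrincipal(), isGroup(), getRoleId().
    record Perm(String principal, boolean group, int roleId) {}

    // Assumption: principal names compare case-insensitively.
    static String norm(String s) {
        return s.trim().toLowerCase(Locale.ROOT);
    }

    // Role ids of entries naming the user directly or one of the user's groups.
    // userGroups is an assumption: the caller resolves it from the identity
    // source, since a permission entry only carries the group's name.
    static Set<Integer> matchingRoleIds(List<Perm> perms, String user,
                                        Set<String> userGroups) {
        String u = norm(user);
        Set<String> groups = userGroups.stream()
                .map(PrincipalMatch::norm)
                .collect(Collectors.toSet());
        return perms.stream()
                .filter(p -> p.group()
                        ? groups.contains(norm(p.principal()))
                        : u.equals(norm(p.principal())))
                .map(Perm::roleId)
                .collect(Collectors.toCollection(TreeSet::new));
    }

    public static void main(String[] args) {
        // Constructed sample data: names and role ids are placeholders.
        List<Perm> perms = List.of(
                new Perm("EXAMPLE\\plugin-admins", true, 101),
                new Perm("EXAMPLE\\bob", false, 102));
        String user = "EXAMPLE\\alice";
        // Matching on the user name alone finds nothing for alice.
        System.out.println(matchingRoleIds(perms, user, Set.of()));
        // Including her group membership finds the group's role.
        System.out.println(matchingRoleIds(perms, user,
                Set.of("example\\plugin-admins")));
    }
}
```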