VMware {code} Community
abhishekdubey
Enthusiast

Group level roles not propagating to user

We are implementing RBAC in our plugin, where I am using vSphere 6.5 and accessing roles from the APIs instead of the UI.

I have a user group with an admin role assigned to it in my vCenter.

I have added a user to this user group; however, the admin role is not getting propagated to the user. Instead, the admin role has to be assigned to this user individually in order to take effect.
Query:

Is this behavior expected, or am I missing a step in between?
I am using the VMware API retrieveEntityPermissions to retrieve the permission list as follows:

permissionList = vmConnection.getVimPort().retrieveEntityPermissions(vmConnection.getServiceContent().getAuthorizationManager(), mobEntity, true);
In the permissionList response, I am checking the principal field against my logged-in user ID to filter and retrieve the permission, as follows in debug mode:

[Screenshot: pastedImage_1.png]

The above code works fine as long as the role is assigned to the user individually. When I removed the role from the user and assigned it to a group, as explained in the query, this is not working:

I am not getting a permissionList containing a principal field matching my logged-in user.

0 Kudos
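
Added example, not part of the original posts and not VMware's code: retrieveEntityPermissions returns permission entries as they were defined, so a role granted to a group comes back with the group's name as principal and the group flag set, and a filter on principal == user ID finds nothing. The sketch below resolves the roles that apply to a user from both kinds of entry; the `Perm` record is a stand-in for the SDK's Permission object, and the group-membership set, the case-insensitive name comparison and all sample names and role ids are assumptions (Java 16+ for records).

```java
import java.util.*;

public class EffectiveRoles {
    // Stand-in for com.vmware.vim25.Permission, reduced to the fields used here
    // (principal, group, roleId) so the example runs without the vSphere SDK.
    record Perm(String principal, boolean group, int roleId) {}

    // Role ids that apply to `user`: entries naming the user directly, plus
    // entries naming a group the user belongs to. `userGroups` is an assumption:
    // the plugin has to resolve membership itself from its identity source.
    static Set<Integer> effectiveRoleIds(List<Perm> perms, String user, Set<String> userGroups) {
        String userKey = user.toLowerCase(Locale.ROOT);
        Set<String> groupKeys = new HashSet<>();
        for (String g : userGroups) groupKeys.add(g.toLowerCase(Locale.ROOT));

        Set<Integer> roles = new TreeSet<>();
        for (Perm p : perms) {
            String name = p.principal().toLowerCase(Locale.ROOT);
            // Honour the group flag: a group entry is only matched against group
            // names, so a user who shares a name with a group gains nothing.
            boolean applies = p.group() ? groupKeys.contains(name) : name.equals(userKey);
            if (applies) roles.add(p.roleId());
        }
        return roles;
    }

    public static void main(String[] args) {
        // Constructed sample data: the admin role (id -1 here) is granted to a
        // group only, as in the question; another user holds role -2 directly.
        List<Perm> perms = List.of(
            new Perm("VSPHERE.LOCAL\\PluginAdmins", true, -1),
            new Perm("VSPHERE.LOCAL\\auditor", false, -2));
        String user = "VSPHERE.LOCAL\\alice";

        // Filtering on the user name alone (the approach in the post): no match.
        System.out.println("user-only match: " + effectiveRoleIds(perms, user, Set.of()));
        // With membership resolved, the group's role is found: [-1]
        System.out.println("with groups:     "
            + effectiveRoleIds(perms, user, Set.of("vsphere.local\\pluginadmins")));
    }
}
```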
1 Reply
Yang711
Enthusiast

I have the same problem, but is it already solved?

If you can solve it, please let me know.

0 Kudos