I'm trying to register a new endpoint type from vRO with the following code:
var restClient = vRAhost.createRestClient("com.vmware.csp.core.endpoint.configuration.api");
restClient.put("/categories/" + categoryId, JSON.stringify(category));
The type of vRAhost is vCACCAFE:VCACHost. When vRAhost tenant is the default vsphere.local with a user having tenant and IaaS admin permissions in the same tenant, the above code runs fine registering the new category.
When I try to run this against a vRAhost registered with another tenant, I get 403 permission denied whatever user I try.
The Endpoint Configuration Service API Specification writes:
User Roles and Permissions
Different user roles have different permissions for working with endpoints.
Endpoint Type Operations and Endpoint Type Categories
The following user roles have permission for the following:
GET - IaaS Administrators, vRA Administrators, Solution Users.
PUT/POST/DELETE - vRA Administrators, Solution Users.
So the user should belong to vRA Administrators group, but I'm not sure what exact group is referred here? Tenant/IaaS/... admin? Or is this allowed for the vsphere.local tenant admin only?