Hello,
I want to give users of the virtual infrastructure the ability to perform actions in the vcenter for exemple snapshot a VM
I want them to do this action from vco to be able to tag the snapshot description always with same type of informations
in the vCenter web client the user can access the workflow from the orchestrator menu and as a context action
I think context action is the right methode for this type of request but the direct workflow access from the orchestrator menue is still active and if the user start the workflow from this part he have access to all the VMs event those that he does have no permission on
is there a way to deactivate the access for some users to the workflows except by the context action?
First, permission-wise it doesn't matter if the user has launched a workflow from context menu or directly from workflow inventory list/tree.
In the Web Client there is no way to disable all workflow views except context actions. The best you can achieve is to not allow the user to start most workflows (except those you want to put in context menu) by granting correct permissions to the workflows in vRO workflow designer. For example, you can put the workflows you want to be shown in Web Client context menus in a separate workflow folder, then give 'execute' permission on this folder for LDAP groups your users are member of, and revoke 'execute' permission on all other folders. This way, the users will be able to launch only these workflows. Not very elegant solution, but should work.
Note that will also affect the ability to execute the workflows also from vRO workflow designer (if your users have access to it).
Hi Ilian
thanks for your answer but the customers here like to discover the applications they have access to
so as they have access on vcenter only to some folders lanching a workflow in context menu will be only possible in the VMs they own
but if they go to the orchestrator menu they will be able with the same workflow to navigate on the inventory and launch the workflow even on the VMs they do not have access to
OK, it seems you are assuming that launching a workflow from the context menu of some vCenter object (vm, datacenter, etc.) will allow the workflow to be executed only on the context vCenter object. This is simply not true.
There is absolutely NO difference whether you'll start a workflow like 'Create a snapshot' from the context menu or from the inventory. The set of vCenter object you can browse and select for its input will be the same. The only difference is that when you launch the workflow from the context menu, the context object (virtual machine in this case) will be pre-populated in the input field. But if you want, you can open the object chooser for the presentation field and select another vCenter object, different from the one you have right-clicked on.