To restate the title of this discussion:
How can you use the VCSA shell with an SSO (non-local) account?
Another way I could phrase it:
What is the point of accessing the VCSA shell with an SSO account if these accounts don't have any rights to run any commands after logging in?
Obviously, when accessing the VCSA shell with root, you have all the rights in the world, since the local root account is assigned the superAdmins role. It's not best practice to use (or share!) the root account; unique user accounts should be used except in case of dire emergencies. So, I can add new local accounts and assign them to the superAdmins role and they have all the access I might need, which is great, except that it defeats the purpose of having SSO accounts. You need one to login to the web client and another one to login via SSH. Why?
To clarify, although my SSO user account (something like abc@vsphere.local) is a member of every conceivable group (Administrators, SystemConfiguration.Administrators, SystemConfiguration.BashShellAdministrators, etc.), and that user can successfully login via SSH to the Appliance Shell, every command results in an error message. And yes, I've enabled the Bash shell before trying.
Command> shell
Unable to authorize
User 'abc@vsphere.local' is not authorized to run this command
Command> shell.get
Unknown command: `shell.get'
Command> help api list
Session expired.
Someone please tell me I'm missing something and that it's possible to use SSO accounts to access and run commands via the VCSA Appliance and Bash shells. I am very much looking forward to being wrong!
