VMware Cloud Community
acavali
Contributor
Contributor

Use different permissions after User Interaction?

I have created a workflow that is trying to allow a user who doesn't have snapshot rights the ability to request a snapshot.

There is a user interaction after the person fills out the form for the snapshot to approve the actual snapshot. What I am noticing is that the snapshot action is using the permissions from the requestor and not from the approver. I have attached an image of what I am talking about.

Is it possible to use other credentials, like those of the approver instead of the requestor to actually perform the snapshot?

Reply
0 Kudos
5 Replies
MauroBonder
VMware Employee
VMware Employee

See this document, maybe helpful http://www.vmware.com/pdf/vi3_vc_roles.pdf

*If you found this information useful, please consider awarding points for "Correct" or "Helpful"*

*Please, don't forget the awarding points for "helpful" and/or "correct" answers. *Por favor, não esqueça de atribuir os pontos se a resposta foi útil ou resolveu o problema.* Thank you/Obrigado
Reply
0 Kudos
acavali
Contributor
Contributor

That actually would only help if I was having problems understanding roles in Virtual Center. I am not. I understand them very well and have decided to not let all users be able to create snapshots. Those users that are not allowed to need to be able to request snapshots to be made; thus the dilemma I am running into.

Reply
0 Kudos
MauroBonder
VMware Employee
VMware Employee

You
can create folders with permissions for each folder, and put them in
some virtual machines, as if it were divided by departments.
And you have the option to create a user with privilege to "Create Snapshot"</span>

*If you found this information useful, please consider awarding points for "Correct" or "Helpful"*

*Please, don't forget the awarding points for "helpful" and/or "correct" answers. *Por favor, não esqueça de atribuir os pontos se a resposta foi útil ou resolveu o problema.* Thank you/Obrigado
Reply
0 Kudos
acavali
Contributor
Contributor

We already have folders created for different departments. If I create a user with the privledge to "Create Snapshot", then they have that right in Virtual Center. I am looking to not allow that.

I think I am looking for someone with Orchestrator specific knowledge to answer my question.

Reply
0 Kudos
Andreas_Diemer
Enthusiast
Enthusiast

Hi acavali,

the Workflow you shown is startetd under the basic user and will run after the admin interaction under this basic account.

You must add a scriptable task after interaction. Inside use workflow.changeCredential(Object_credential) to change the credential of the running Workflow. The keyword "workflow" will be shown in red and represents the workflowtoken of the running workflow.

To create a Credential object use e.g.: var myCredential = new Credential(username , password);

This will change the credentials for the running Workflow to the Credentials given in the credential object.

reagards, Andreas

-


Don't forget: if answers helps, award points

------ for correct and / or useful answers please award points visit http://www.vcoteam.info & http://mighty-virtualization.blogspot.com
Reply
0 Kudos