I am just wondering if someone else has stumbled around this issue in vRO 8 or 8.0.1.
The vRO web client is throwing an error 403 Forbidden when a parameter is passed to an action within the input form in a normal user (=non-admin) context.
If I remove the parameter, the error is not thrown anymore and the action is also being processed. So it seems somehow to be related to the passed parameter.
But it is independet to the parameter value. So if I pass a constant value or a binded field value the error is thrown anyway.
In vRO admin context everything just works, but if i login as a user, granted to the workflow and related action in AccessibleBy the error is thrown.
I've attached my sample scenario consisting of 1 workflow and 1 action which is linked in the input form of the workflow.
Both, the workflow and the action are completely static and don't have any interface to the vCenter or another API.
The workflow just logs "hello" and the action returns a static string array, which can be extended by the passed parameter.
The action is called "getStaticNamesTest" and the vRO executes it via this URL which throws the 403 error in user context:
I don't know where to permit the user/group else. I permitted it on the workflow and on the action, which should be enough...
Similar issue where non-admin users get 403 when invoking actions was reported recently and got resolved. Fix should be available with 8.0.2
Meantime fell free to open a customer support request and will work on providing a hot fix for it.
Did not find the attached workflow so created my own. If you provide it I can try also with your test workflow to make sure it is the same use case.
For some reason I was not able to upload the attachment.
I already opened a ticket and got the confirmation that this is currently an issue.
If I receive any valuable feedback, I'll update the thread here
Further I found out, that this issue seems only to exist for string parameters.
If you pass a managed object, the action is called in a different way and it works.