vSphere

  • 1.  Group level roles not propagating to user

    Posted Aug 03, 2018 03:51 AM

    We are implementing RBAC in our plugin, where I have a user group with an admin role assigned to it in my vCenter.

    I have added a user to this user group; however, the admin role is not getting propagated to the user. Instead, the admin role has to be assigned to this user individually in order for it to take effect.

    Query:

    Is this behavior expected, or am I missing a step in between?



  • 2.  RE: Group level roles not propagating to user

    Broadcom Employee
    Posted Aug 03, 2018 08:16 AM

    Hi,

     

    Can you please share the version of vSphere Client that you are using?

     

    I have tried the following on vSphere 6.7 and it worked:

    - Created a new group with admin role (Check the option "Propagate to children")

    - Create a new user

    - Add the user as a member to the group

    - Verify that the user has admin privileges

    - Change the role of the group to read-only

    - Verify that the user has read-only privileges

    - Add new user to the same group

    - Verify that the new user has read-only privileges

     

    Best Regards,

    Denis



  • 3.  RE: Group level roles not propagating to user

    Posted Aug 03, 2018 10:46 AM

    I am using vSphere 6.5 and accessing roles through the APIs instead of the UI.



  • 4.  RE: Group level roles not propagating to user

    Posted Aug 06, 2018 11:51 AM

    I am using the VMware API retrieveEntityPermissions to retrieve the permission list as follows:

    permissionList = vmConnection.getVimPort().retrieveEntityPermissions(vmConnection.getServiceContent().getAuthorizationManager(), mobEntity, true);

    In the permissionList response, I am checking the principal field against my logged-in user ID to filter and retrieve the permission, as follows in debug mode

     

    The above code works fine as long as the role is assigned to the user individually. When I removed the role from the user and assigned it to a group, as explained in the query, this is not working.

    I am not getting a permissionList containing a principal field matching my logged-in user.
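
Added example, not code from the thread or from VMware: a vSphere permission entry records the principal it was granted to plus a flag saying whether that principal is a group, so a role granted to a group shows up under the group's name and a filter on the user's own ID finds nothing. The sketch below resolves a user's roles group-aware, following the documented vSphere precedence (nearest object wins, a direct user entry overrides group entries on the same object, multiple groups are unioned). The `Perm` record, `effectiveRoles`, the case-insensitive name match, the sample data and the caller-supplied group membership are all assumptions of this example.

```java
import java.util.*;

public class EffectiveRoles {
    // Hypothetical stand-in for the fields of a vSphere Permission entry used here.
    record Perm(String entity, String principal, boolean group, int roleId, boolean propagate) {}

    static String norm(String s) { return s.toLowerCase(Locale.ROOT); }

    // ancestry: the object first, then its parents up to the root.
    // groups: the user's group names, supplied by the caller (assumption).
    static Set<Integer> effectiveRoles(List<Perm> perms, List<String> ancestry,
                                       String user, Set<String> groups) {
        Set<String> groupKeys = new HashSet<>();
        for (String g : groups) groupKeys.add(norm(g));
        for (int i = 0; i < ancestry.size(); i++) {        // nearest level wins
            Set<Integer> viaGroups = new TreeSet<>();
            for (Perm p : perms) {
                if (!p.entity().equals(ancestry.get(i))) continue;
                if (i > 0 && !p.propagate()) continue;     // parent entry not inherited
                if (!p.group() && norm(p.principal()).equals(norm(user)))
                    return Set.of(p.roleId());             // direct entry overrides groups
                if (p.group() && groupKeys.contains(norm(p.principal())))
                    viaGroups.add(p.roleId());
            }
            if (!viaGroups.isEmpty()) return viaGroups;    // union of group roles
        }
        return Set.of();                                   // no applicable permission
    }

    public static void main(String[] args) {
        // Constructed sample data: names, object IDs and role IDs are made up.
        List<Perm> perms = List.of(
            new Perm("group-d1", "VSPHERE.LOCAL\\PluginAdmins", true, -1, true),
            new Perm("vm-42", "VSPHERE.LOCAL\\auditor", false, -2, true));
        List<String> ancestry = List.of("vm-42", "group-d1");
        String user = "VSPHERE.LOCAL\\alice";

        // The check from the thread: match principal against the logged-in user only.
        long direct = perms.stream()
            .filter(p -> p.principal().equalsIgnoreCase(user)).count();
        System.out.println("entries naming the user directly: " + direct);

        // Group-aware check: alice is a member of PluginAdmins.
        System.out.println("effective role IDs: "
            + effectiveRoles(perms, ancestry, user, Set.of("vsphere.local\\PluginAdmins")));
    }
}
```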



  • 5.  RE: Group level roles not propagating to user

    Broadcom Employee
    Posted Aug 19, 2018 05:23 PM

    Hi Abishek,

    You'd be able to get more help for this issue on the vSphere Web Services SDK forum or the general vSphere forum.

    Best,

    Tony



  • 6.  RE: Group level roles not propagating to user

    Posted Aug 20, 2018 06:11 AM

    Thanks for the reply.

    Can you please share the link/URL for the vSphere Web Services SDK forum or the general vSphere forum? I tried searching for it and ended up at this forum itself.

    I have tagged this post as web service SDK instead.



  • 7.  RE: Group level roles not propagating to user

    Broadcom Employee
    Posted Aug 20, 2018 06:39 AM

    Hi,

     

    Here is a link to the vSphere Management SDK Forum: https://code.vmware.com/forums/2416/vsphere-management-sdk

     

    Best Regards,

    Denis



  • 8.  RE: Group level roles not propagating to user

    Posted Aug 20, 2018 07:20 AM

    Thanks Denis.

    Opened a thread in the respective forum, as suggested.

    vSphere Management SDK Forum - VMware {code}