VMware {code} Community
abhishekdubey
Enthusiast

Group level roles not propagating to user

We are implementing RBAC in our plugin.

I have a user group with an admin role assigned to it in my vCenter.

I have added a user to this user group; however, the admin role is not getting propagated to the user. Instead, the admin role has to be assigned to this user individually in order to be reflected.

Query:

Is this behavior expected, or am I missing a step in between?

7 Replies
Denis_Chorbadzh
VMware Employee

Hi,

Can you please share the version of vSphere Client that you are using?

I have tried the following on vSphere 6.7 and it worked:

- Created a new group with admin role (Check the option "Propagate to children")

- Create a new user

- Add the user as a member to the group

- Verify that the user has admin privileges

- Change the role of the group to read-only

- Verify that the user has read-only privileges

- Add new user to the same group

- Verify that the new user has read-only privileges

Best Regards,

Denis

abhishekdubey
Enthusiast

I am using vSphere 6.5 and accessing roles through the APIs instead of the UI.

abhishekdubey
Enthusiast

I am using the VMware API retrieveEntityPermissions to retrieve the permission list as follows:

permissionList = vmConnection.getVimPort().retrieveEntityPermissions(vmConnection.getServiceContent().getAuthorizationManager(), mobEntity, true);

In the permissionList response, I am checking the principal field against my logged-in user ID to filter and retrieve the permission, as follows in debug mode:

[Screenshot: pastedImage_1.png]

The above code works fine as long as the role is assigned to the user individually. When I removed the role from the user and assigned it to a group as explained in the query, this is not working:

I am not getting a permissionList containing a principal field matching my logged-in user.

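Added example, not part of the original thread or of the poster's plugin: a permission entry names the principal it was granted to and carries a group flag, so a role granted to a group is listed under the group's name rather than the member's user name. The sketch models those fields in Python with constructed names and role IDs, and assumes the caller already knows the user's group memberships.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PermissionEntry:
    """Models the fields of a vSphere Permission object used in this check."""
    principal: str  # user or group name the role was granted to
    group: bool     # True when the principal is a group
    role_id: int


def norm(name):
    # Assumption: principal names are compared case-insensitively.
    return name.strip().lower()


def direct_entries(entries, user):
    """Filter on the user name only, as described in the post above."""
    return [e for e in entries if norm(e.principal) == norm(user)]


def effective_entries(entries, user, user_groups):
    """Entries that apply to the user directly or through a group."""
    groups = {norm(g) for g in user_groups}
    hits = []
    for e in entries:
        if e.group and norm(e.principal) in groups:
            hits.append(e)   # granted to a group the user belongs to
        elif not e.group and norm(e.principal) == norm(user):
            hits.append(e)   # granted to the user individually
    return hits


def role_ids_for(entries, user, user_groups):
    return sorted({e.role_id for e in effective_entries(entries, user, user_groups)})


# Constructed sample data: names and role IDs are placeholders.
ADMIN_ROLE, READONLY_ROLE = 1001, 1002
SAMPLE = [
    PermissionEntry("VSPHERE.LOCAL\\PluginAdmins", True, ADMIN_ROLE),
    PermissionEntry("VSPHERE.LOCAL\\svc-backup", False, READONLY_ROLE),
]
ALICE = "vsphere.local\\alice"
ALICE_GROUPS = ["VSPHERE.LOCAL\\PluginAdmins"]

if __name__ == "__main__":
    print("user-name filter:", direct_entries(SAMPLE, ALICE))
    print("with group entries:", role_ids_for(SAMPLE, ALICE, ALICE_GROUPS))
```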
tganchev
VMware Employee

Hi Abhishek,

You'd be able to get more help for this issue on the vSphere Web Services SDK forum or the general vSphere forum.

Best,

Tony

abhishekdubey
Enthusiast

Thanks for the reply.

Can you please share the link/URL for the vSphere Web Services SDK forum or the general vSphere forum? I tried searching for it and ended up at this forum itself.

I have tagged this post as Web Services SDK instead.

Denis_Chorbadzh
VMware Employee

Hi,

Here is a link to the vSphere Management SDK Forum: https://code.vmware.com/forums/2416/vsphere-management-sdk

Best Regards,

Denis

abhishekdubey
Enthusiast

Thanks Denis.

Opened a thread in the respective forum as suggested.

vSphere Management SDK Forum - VMware {code}