We are implementing RBAC in our plugin.
I have a user group with an admin role assigned to it in my vCenter.
I have added a user to this user group; however, the admin role is not getting propagated to the user. Instead,
the admin role has to be assigned to this user individually in order to take effect.
Query:
Is this behavior expected, or am I missing a step in between?
Hi,
Can you please share the version of vSphere Client that you are using?
I have tried the following on vSphere 6.7 and it worked:
- Created a new group with admin role (Check the option "Propagate to children")
- Create a new user
- Add the user as a member to the group
- Verify that the user has admin privileges
- Change the role of the group to read-only
- Verify that the user has read-only privileges
- Add new user to the same group
- Verify that the new user has read-only privileges
Best Regards,
Denis
I am using vSphere 6.5 and accessing roles from the APIs instead of the UI.
I am using the VMware API retrieveEntityPermissions to retrieve the permission list as follows:
permissionList = vmConnection.getVimPort().retrieveEntityPermissions(vmConnection.getServiceContent().getAuthorizationManager(), mobEntity, true);
In the permissionList response, I am checking the principal field against my logged-in user ID to filter and retrieve the permission, as follows in debug mode.
The above code is working fine as long as the role is assigned to the user individually. When I removed the role from the user and assigned it to a group as explained in the query, this is not working:
I am not getting a permissionList containing a principal field matching my logged-in user.
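Added example, not part of the original thread and not VMware's code: a permission granted to a group is listed with the group as its principal, so a filter that compares the principal only with the logged-in user ID will not match it. The sketch assumes the caller supplies the user's group memberships (the lookup is not shown) and that principal names compare case-insensitively; `Perm`, `effectiveRoleIds` and all sample values are hypothetical.

```java
import java.util.*;

public class EffectivePermissions {
    // Local stand-in for the SDK's Permission object so the example runs offline;
    // the fields mirror Permission.getPrincipal(), isGroup() and getRoleId().
    record Perm(String principal, boolean group, int roleId) {}

    // Returns the role IDs that apply to userId: entries naming the user directly,
    // plus entries whose principal is a group the user belongs to.
    // An empty result means no role was found, so the caller should deny access.
    static Set<Integer> effectiveRoleIds(List<Perm> permissionList, String userId,
                                         Set<String> userGroups) {
        Set<String> groups = new HashSet<>();
        for (String g : userGroups) groups.add(g.toLowerCase(Locale.ROOT));
        String user = userId.toLowerCase(Locale.ROOT);

        Set<Integer> roles = new TreeSet<>();
        for (Perm p : permissionList) {
            String principal = p.principal().toLowerCase(Locale.ROOT);
            // A group entry is matched only against groups, a user entry only against the user.
            boolean match = p.group() ? groups.contains(principal) : principal.equals(user);
            if (match) roles.add(p.roleId());
        }
        return roles;
    }

    public static void main(String[] args) {
        // Constructed sample data: role IDs and principal names are illustrative only.
        final int ADMIN_ROLE = 1001, READ_ONLY_ROLE = 1002;
        List<Perm> permissionList = List.of(
            new Perm("EXAMPLE.LOCAL\\PluginAdmins", true, ADMIN_ROLE),
            new Perm("EXAMPLE.LOCAL\\auditor", false, READ_ONLY_ROLE));
        String user = "EXAMPLE.LOCAL\\alice";
        Set<String> aliceGroups = Set.of("example.local\\pluginadmins");

        // Filtering on the user's own ID alone finds no entry for alice ...
        System.out.println(effectiveRoleIds(permissionList, user, Set.of()));
        // ... while also matching group principals picks up the group's role.
        System.out.println(effectiveRoleIds(permissionList, user, aliceGroups));
    }
}
```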
Hi Abishek,
You'd be able to get more help for this issue on the vSphere Web Services SDK forum or the general vSphere forum.
Best,
Tony
Thanks for the reply.
Can you please share the link/URL for the vSphere Web Services SDK forum or the general vSphere forum, as I tried searching for it and ended up at this forum itself.
I have tagged this post as web service SDK instead.
Hi,
Here is a link to the vSphere Management SDK Forum: https://code.vmware.com/forums/2416/vsphere-management-sdk
Best Regards,
Denis
Thanks Denis.
Opened a thread, as suggested, in the respective forum.