We are implementing RBAC in our plugin where,
I am using vSphere 6.5 and accessing roles from API's instead UI.
I am having a user group with an admin role assigned to it in my vCenter.
I have added a user to this user-group, however, the admin role is not getting propagated to the user, instead,
it requires to assign the admin role to this user individually in order to reflect the admin role.
Query:-
Does this behavior is expected or am I missing any step here in between.?
I am using VMWare API retrieveEntityPermissions to retrieve permission list as follows:-
permissionList = vmConnection.getVimPort().retrieveEntityPermissions(vmConnection.getServiceContent().getAuthorizationManager(), mobEntity, true);
In the permissionList response, I am checking principal field to check against my logged in user ID to filter and retrieve the permission as follows in debug mode
Above code is working fine as long as the role is assigned to the user individually when I removed the role from the user and assigned to a Group as explained in the query, this is not working
i am not getting permissionList containing principal field matching to my logged in user.