VMware Cloud Community
pizzle85
Expert

How to change owner of custom resource

We are going to be creating vCAC Business Groups as a resource centrally in our hosting business office for customers. Part of the provisioning process is to create a vCAC custom resource for the vCACCAFE:BusinessGroup. Once the business group has been provisioned we would like to hand ownership of that object off to the hosting customer to allow them to update the group membership. How can I change the owner of the Custom Resource so that the customer business group owns it instead of the central IT business group, or more specifically, I just want the customer business group to be able to run resource actions against the business group object.

Accepted Solutions
SeanKohler
Expert

That is kind of where I was going earlier I guess.... only you don't need this...

>>...The resource action type is set to "disposal".

My testing showed that you can just re-run the provision as another user and the EXISTING inventory item is overwritten with the owner who ran it.

So you can have a BusinessGroup with a Resource Action that says "Take ownership" and it does a provision using the existing business group.  The owner changes. I tested that.

Now that I have my entitled Consumer Resource Actions sorted out  (the plugin service account needs to have an entitlement in ALL business groups--or at least where you want actions to be run from VCO), I am pretty sure I can set up an example that allows you to Run the Resource Action on behalf of somebody else... this would allow you to SET the owner based on a re-provision of the BusinessGroup.

So for example...

1. I create the business group using an Advanced Service Blueprint which ALSO runs a provision of the custom resource.

2. I add you to business group.

3. I run the Change Owner Resource action and type in your name.

4. It runs a Reprovision on behalf of you... making you the owner.

If this is making sense and would help you, I can set up a full example in my lab tomorrow that demonstrates this capability.  This much I know I can do.  But I also want to change the owner of a Machine Item, and that is dead to us as it isn't in the API.  I want to keep pushing for an API method for change owner as well.  As I said in my support ticket... if you can own something, you should be able to change ownership.

Message was edited by: SeanKohler

24 Replies
SeanKohler
Expert


Sooo...

Couple of things come to mind.

1) If you built every business group with a dedicated Active Directory group assigned into the Role you want (user, support user, owner)... your management would be against the AD group instead of managing users in and out of VCAC  (which could get messy).

2) If you have Advanced Service Designer, you can create Custom Resource Types.  This allows you to have Objects (Items) that you can then create Resource Actions against.  Business Group is actually one of the ones I am playing around with too.  I will have an action called "Add User to Business Group."  This action can be run by an "entitled" person or group of people.  In doing so, in the back-end, the "user" gets added into an AD group.  It is also possible to display the existing users in the process (in the Resource Action... by using vRO actions that list the members of the AD group ~or~ Business Group if you go that route)

You basically need to return a VCAC:BusinessGroup as a *Provisioned* item from a workflow that makes a business group.  Then that inventory item can be managed like a machine.  Here is an example....

bgowner.jpg

pizzle85
Expert

Thanks for the reply. I have the process of creating the business group working fine. It creates AD OUs and groups. The issue I ran into was that I was not able to determine which business group the requester was a member of, so I couldn't do a lookup of the AD groups to let them manage them. I figured I would create a custom resource and have them execute a resource action against the item (which I have also already written). The issue I'm having is setting the owner to someone other than the person who ran the catalog item. The image you linked to says you can set ownership but I'm not sure how. Do you have the base post where that image came from? Perhaps they already figured this out.

SeanKohler
Expert

The image is a screenshot from our Lab.

You should set the owner during provisioning versus changing it after, though I think both may be possible.

It is something I need to know as well.  Let me see if I can put something together.

pizzle85
Expert

Maybe I can clarify a bit more. The creation, modification, and deletion of the business group, reservations, etc. all works as expected as long as the person who requested the business group to be created (who is set as the owner by default) is the one running the vCAC business group resource actions.

My issue is that someone in our billing dept is going to create the business groups using a service blueprint; they will not be created by a customer. During the business group creation process or post creation we need to set the owner to be the business group's managers group of the business group being created; whether it's the vCAC group or an AD group doesn't really matter to me. I cannot find a way to set the owner during creation, nor can I find an object in the database that matches the business group custom resource to modify.

SeanKohler
Expert

Sure...

From what I have been able to tell thus far, the "owner" of objects with the current iteration of the tool has to be a user.  (which could be a service account assigned to the business group).

I don't think you are going to get what you need through the existing "Roles" defined in VCAC.

So you would be talking about having a Business Group that contains members who can do entitled actions against their own business group. (self manage)

In order for them to see the Business Group to manage, it has to be IN inventory in a way that they can see it.  (because you are not giving them VCAC roles)

Once it is IN inventory, they need to have an Entitlement (edit: OF ACTIONS) to be able to work with it.

Even people who do not OWN the business group inventory item can be Entitled to work with it.  (case in point, you can see in my image that I selected "All Groups I manage" and not Owned by Me)

Yet I understand, you would want the BusinessGroup owned by somebody actually IN the business group.

I am still looking into the change owner for a Custom Type, but a thought came to my head...

Creation of a Business Group in and of itself doesn't have an owner.

It is the step that adds the Business Group as a *Provisioned* Custom Type that has an owner... and then Resource Actions as defined.

One *could* just create an Entitled Service Blueprint called "Manage My Business Group". "Add Business Group Management". That could then take the current business group and add it under ownership of the person who ran it. (e.g. not the billing department, but the managers on the customer side)

I know that is a second step... but then any manager could come along later and add the Business Group as their inventory item to manage.  (which would give them the Resource Actions on that inventory item... which would include adding more users or managers)  It is self-sustaining.

pizzle85
Expert

So maybe what I'm really asking is "How to modify a custom resource entity". If you figure that out let me know. I scoured the databases and don't see any trace of the custom resource in the databases. I expected to see something like a Custom Resource table in the Entity framework DB but I don't. I went as far as to run a query against every table in both DBs for the string name of the object; I got no usable results.

pizzle85
Expert

I found this post vCAC vCO plugin -- get vCACCAFECsResourceType for internal "IaaS VC VirtualMachine" resource type in... which led me to vCACCAFEEntitiesFinder.findCustomResources(host, string). That looks like it should give me what I want; however, when I try to execute it I get the error "403 Forbidden". I can execute other methods off the entities finder just fine; this is the only one I tested with that throws any error.

SeanKohler
Expert


Sorry... I ran out of time yesterday.  Looking into this again today.  Others may have a direct answer already worked out....  (and I hope they will respond if they do)

The Owner is available across the Entity Link.  I don't think it can be updated through the Entity.  I think you have to update it on the other side.

This is not a custom object, but I think it will end up being similar across the entity link....  It is a little thing I put together to present me a map of Entity types after learning the Owner was available across a link.

Maybe it will help you... it gave me kind of an "ah-ha" moment.

Just supply a VCAC:VirtualMachine as an input...

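// Input: vcacvm (VCAC:VirtualMachine). host is assumed to be the VCAC:VCACHost the VM belongs to.
var entity = vcacvm.getEntity();

// The owner is reached across the "Owner" link of the entity
var ownerEntity = entity.getLink(host, "Owner")[0];
System.log("Owner: " + ownerEntity.getProperty("UserName"));

// List the property names available on the entity
var entityProperties = entity.getProperties();
System.log("Entity Properties.......................");
for each (var key in entityProperties.keys) {
  System.log(key);
}

// List the link names available on the entity
System.log("Entity Links............................");
var entityLinks = entity.getLinks(host);
for each (var key in entityLinks.keys) {
  System.log(key);
}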

pizzle85
Expert

From what I can tell the Custom Resource doesn't map to an Entity. It looks like it's considered a CatalogResource maybe? Navigating through the vRO vCACCAFE:vCACHost object in Host > Items seems to display my Custom Resource.

This shows me the object and the owner, but there is no method for setOwners.

var resource = vCACCAFEEntitiesFinder.findCatalogResources(host,"name/description")[0];

var resourceOwner = resource.getOwners()[0];

SeanKohler
Expert


Yeah there is no Inventory Item on the IaaS side.  It is a Café Catalog Resource... however... it is also not very fruitful....

I can get data all over it... but I cannot update anything so far....

...code with notes....

//EDIT:  catalogResource is an input type of vCACCAFE:CatalogResource if that isn't readily apparent....

System.log("Working with Catalog Resources..........");
for each (var owner in catalogResource.owners)
{
//This gets the current owner, but owner in catalogResource is READ ONLY! AKA... irritating.
System.log(owner.getValue());
System.log(owner.getRef());
System.log(owner.getTenantName());

//This sets the vCACCAFECatalogPrincipal "owner" variable with the values
owner.setRef("myuser@mydomain");
owner.setValue("MyFirstname MyLastName");

//This shows the values are set....
System.log(owner.getValue());
System.log(owner.getRef());
System.log(owner.getTenantName());

//BUT THERE IS NO WAY TO WRITE IT BACK INTO THE READ ONLY FIELD!!! (At least directly.)
}

//Description is not listed as a Read Only Field and it has methods for updating
// This runs successfully...
catalogResource.setDescription("I'm sorry, Dave. I'm afraid I can't do that.");
System.log(catalogResource.getDescription());
// However.... The description does not change on the vCACCAFECatalogResource in the plugin library

// So even with a field that should be updatable... it doesn't work.... puzzling....

pizzle85
Expert

By chance are you able to run vCACCAFEEntitiesFinder.findCustomResources(host, string)? I get a 403 when I try to execute that.

SeanKohler
Expert

Even if you were to get the return from that... you would have a vCACCAFECsResourceType

If you look at that type, you won't see any methods to be able to edit the owner.

I think it may be entirely possible that changing the owner with how the API is implemented is a dead end.

However... I just changed the owner of a Business Group custom type through the ASD Provisioning piece.  My initial thought was that you could have the same Inventory item more than one time.  It will not let you do that... and it changes the owner.

Consider this image carefully and compare with the one I posted before...

Brian is the new owner for that business group, and I performed the action that made him so.

bgnewowner.jpg

I did an "on Behalf of" request to a workflow that I am using as my inventory add.  The workflow is a simple one... it takes in one EXISTING BusinessGroup... Syslogs the name in a script because you have to do something with an input... and then sends the same BusinessGroup out.  The ASD Service Blueprint that runs the workflow is set to Provision.

What I expected was I would have two _Middleware BusinessGroup inventory items.  One managed by me (the original owner).  One managed by Brian.  To my surprise, it merely changed the owner.

What I think this means is... if we can hijack the "On behalf of" programmatically, we can assign a new owner to any CustomResource by calling a ResourceAction on the Resource called Change owner... where the resource action itself is set to Provision a Type Business Group... where the BusinessGroup is itself.

How this would operationally work is: the business group would get built and added as a custom resource item under the Provisioning Group User (e.g. Billing User). (Note: The provision group user would need to be initially in the business group.) They would click on the Custom Resource Item for Business Group and select the Change Owner Resource Action.  They would type in the name of the new owner and click submit. (They then could remove themselves from the business group.)

The new "owner" can see the resource as "owned by Me".  Others in the Business Group could see the Business Group owned by the owner.  Anybody "entitled" to run "Change Owner" could change the owner going forward.

What do you think?  Worth looking into this path?

SeanKohler
Expert

Bah...

So there is a Workflow called "Request a resource action on behalf of a user".  That WOULD be the workflow that you would run in order to run a resource action called "Change Business Group Owner."

Unfortunately... I had forgotten that Resource Operations (at least in our three environments) are FUBAR.

onBehalf.jpg

onBehalfRAexists.jpg

I will be continuing to look around, but the only success I have had so far is to use the VCAC "On Behalf of" section of the catalog request to run a Service Blueprint with a workflow that sets BusinessGroupOut = BusinessGroupIn and with a check in the box for Provisioned (in the ASD Service Blueprint that calls the workflow).  That successfully sets the owner to the "On Behalf of" user both during creation of the inventory item... and afterward by updating the inventory item.  (notice my Business Group inventory item's date didn't change to today... so it didn't replace).  I can outline those steps in greater detail if they are confusing.

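The owner overwrite described above (an "On behalf of" re-provision changes the owner of an existing inventory item while its date stays the same) is a change an administrator would want to audit. As an added example that is not part of the original posts and is not vCAC plugin code, this plain JavaScript diffs two inventory snapshots and flags owner changes; the snapshot field names and all sample values are constructed assumptions.

```javascript
// Added example: plain JavaScript (Node), not vRO plugin code.
// Field names (id, name, ownerRef, dateCreated, groupMembers) are assumptions.

// Principals such as "user@domain" are compared case-insensitively.
function norm(ref) {
  return String(ref).trim().toLowerCase();
}

// Compare two inventory snapshots and report every item whose owner changed.
function findOwnerChanges(before, after) {
  const prior = new Map(before.map((r) => [r.id, r]));
  const findings = [];
  for (const cur of after) {
    const old = prior.get(cur.id);
    if (!old || norm(old.ownerRef) === norm(cur.ownerRef)) continue;
    const members = (cur.groupMembers || []).map(norm);
    findings.push({
      id: cur.id,
      name: cur.name,
      from: old.ownerRef,
      to: cur.ownerRef,
      // Unchanged creation date: the item was updated in place, not re-created.
      inPlace: old.dateCreated === cur.dateCreated,
      // An owner who is not in the business group is the case to review first.
      ownerInGroup: members.includes(norm(cur.ownerRef)),
    });
  }
  return findings;
}

// Constructed sample data (not taken from the thread).
const snapshotBefore = [
  { id: "res-001", name: "BG-CustomerA", ownerRef: "billing@example.test",
    dateCreated: "2015-03-02", groupMembers: ["billing@example.test", "manager@example.test"] },
  { id: "res-002", name: "BG-CustomerB", ownerRef: "Billing@Example.test",
    dateCreated: "2015-03-05", groupMembers: ["billing@example.test"] },
  { id: "res-003", name: "BG-CustomerC", ownerRef: "billing@example.test",
    dateCreated: "2015-03-09", groupMembers: ["billing@example.test"] },
];
const snapshotAfter = [
  { ...snapshotBefore[0], ownerRef: "manager@example.test" },  // handoff to a group member
  { ...snapshotBefore[1], ownerRef: "billing@example.test" },  // case change only, not flagged
  { ...snapshotBefore[2], ownerRef: "outsider@example.test" }, // new owner is not in the group
];

for (const f of findOwnerChanges(snapshotBefore, snapshotAfter)) {
  console.log(`${f.name}: ${f.from} -> ${f.to} inPlace=${f.inPlace} ownerInGroup=${f.ownerInGroup}`);
}
```
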
SeanKohler
Expert


>>By chance are you able to run vCACCAFEEntitiesFinder.findCustomResources(host, string)? I get a 403 when I try to execute that.

Ditto...

SeanKohler
Expert


I am switching gears to gather data to open a ticket on the issues found here and within the Resource Actions (Consumer Resource Operations).

Yesterday, I extended the effort by attempting to connect through a client service into the resource item.  Same 403 error on target...

----------------------------

// hostcafe is assumed to be a vCACCAFE:VCACHost input
System.log("tenant = " + hostcafe.tenant);

System.log("Client...");
var someClient = hostcafe.createAdvancedDesignerClient();
System.log(someClient.getUrl());

System.log("Service...");
var someService = someClient.getAdvancedDesignerCsResourceTypeService();

System.log("Get Resource Type...");
// 403 forbidden... dammit
//var amount = someService.getResourceType(hostcafe.tenant,"0476b331-a5c2-4389-bc2e-883100000c5d");

-----------------------------

Also... you were looking at using the Entities finder to pull back Custom Resources, but the Custom Resources are actually vCACCAFE:CatalogResource objects just like Virtual Machines.  So the entities finder for "find" or "get" CatalogResource will return the Business Group catalog resource.  You can also just select it as an input... there is no reason to go through the finder for testing purposes.

Once we have the object, I can find no methods or capabilities to change the owner... but I expect that because the target across the link is a "read-only" owner field as exposed through the API.

I am pretty sure VMware considers these activities to be "fringe", but I am still quite a bit frustrated that such roadblocks exist.  (or that there are not clear examples of change ownership of ANY item... because that should be a common task in anybody's book)  If there is a method to do this, I have been unable to figure it out with a reasonable amount of effort.  (other than the re-inventory option through the GUI that actually does change the owner... which I mentioned earlier)

pizzle85
Expert

Did you ever get anywhere on this?

SeanKohler
Expert

Support ticket is in to development...  I put it in as a feature request.  Basically the ability to change ownership on custom and machine resources programmatically.

I was hoping that they would come back quickly with a way we just haven't thought of yet.... but since it is taking so long, I suspect they would have to build a way.

I will let you know if I get a response.

~Sean

pizzle85
Expert

I attempted a workaround with no success.

I created a service account that would eventually be a member of the business group I want to create. I added the service account to my infrastructure admins group and created the new business group so that the owner of the provisioned custom resource was the service account. I then removed the service account from the tenant admins group and added it to the newly created business group. I can see the object but cannot run actions on it. I then attempted to setOrganization to move the associated organization (business group) from my infrastructure admins business group to the newly created business group. The process completes without error; however, it appears to not actually update the organization of the object.

Frustrating...

Here's the bit of code I tried:

// host is assumed to be a vCACCAFE:VCACHost input. Look up the catalog resource by name.
var resource = vCACCAFEEntitiesFinder.findCatalogResources(host, "newgroup")[0];
System.log("resource: " + resource);
var cur = resource.getOrganization();
System.log("current org: " + cur);

// Take the target organization from the new group's entitlement
var ent = vCACCAFEEntitiesFinder.findEntitlements(host, "newgroup")[0];
System.log("ent: " + ent);
var org = ent.getOrganization();
System.log("org: " + org);

// Call the setter, then re-fetch the resource and log its organization
resource.setOrganization(org);
var updatedresource = vCACCAFEEntitiesFinder.findCatalogResources(host, "newgroup")[0];
var update = updatedresource.getOrganization();
System.log("updated: " + update);

SeanKohler
Expert


>>I can see the object but cannot run actions on it

Can you see the actions?  I assume you are talking about resource actions here?
