VMware Cloud Community
KThorlund
Enthusiast
Enthusiast
‎12-13-2019 03:05 AM

Business Group user roles - not able to trigger workflow - access to workflows

Hi, 

I have a business group, where I have added an AD group. The BG is entitled to deploy machines. 

If the AD group is added in the Support Role, the deployment is fine. 

But if the AD group is added as either Shared Access Role or User Role, it is not working. 

It is possible for the user / group to initiated the deployment request, but it fails when it hits vRO via an Event. 

All properties from my custom form is simply not transfered to the vRO workflow. 

What am I missing here - do I need to set specific rights on my workflow, event, or other?

Or is a deployment only expected to work when started with Support Role?

vRA 7.6. 

Best regards, Kjeld 

0 Kudos
3 Replies
KThorlund
Enthusiast
Enthusiast
‎12-13-2019 03:20 AM

It seems that the payload received in vRO is half empty..

Only build in fields/attributes are available in the payload. 

My custom fields are not there..

0 Kudos
KThorlund
Enthusiast
Enthusiast
‎12-13-2019 03:31 AM

It must the bug which is reported here, which I have met..

https://communities.vmware.com/thread/614220

0 Kudos
xian_
Expert
Expert
‎12-13-2019 10:38 AM

If you read through the thread, you'll find this is not a bug but works as designed:

Re: Custom Properties not being passed in Event Broker payload? [Permissions?]

there was a security hole risk in vRA that allowed users making requests via vRO or REST to add request properties that were disallowed through the UI.   In the UI, a basic user does not have access to any properties not marked show-in-request in the blueprint (i.e., the properties tab is hidden from them).  Customers viewed this as a must-fix security hole
0 Kudos