Update Vsphere Role Mappings

Update Vsphere Role Mappings
Update vSphere SSO Role Mappings

Updates role mappings for vSphere SSO user groups. Configures which AD/LDAP groups have access to HCX and their privilege levels.

Validations:

  • Role name cannot be empty
  • At least one role mapping required in request
  • User group names cannot be null or empty
  • Duplicate groups within same role are removed

Legacy to New Role Name:

  • "System Administrator" → "Migration Admin"
  • "Enterprise Administrator" → "Migration User"
  • "Appliance Administrator" → "Migration Appliance Admin"

HCX Roles:

  • System Administrator: (legacy) Allows users to create and modify network profiles, compute profiles and service meshes. Also allows users to perform migrations and network extensions.
  • Enterprise Administrator: (legacy) Allows users to create and modify compute profiles and service meshes. Also allows users to perform migrations and network extensions.
  • Appliance Administrator: (legacy) Allows users to view and modify VCF Operations HCX Management Appliance configurations.
  • Migration Admin: Allows users to create and modify network profiles, compute profiles and service meshes. Also allows users to perform migrations and network extensions.
  • Migration User: Allows users to create and modify compute profiles and service meshes. Also allows users to perform migrations and network extensions.
  • Migration Appliance Admin: Allows users to view and modify VCF Operations HCX Management Appliance configurations.

User Group Format:

  • Domain-Qualified: domain\groupname (e.g., vsphere.local\Administrators)
  • Commas automatically stripped
  • Case-Sensitive

Important Notes:

  • Changes take effect immediately for new logins
  • Existing user sessions not affected (re-login required)
  • Replacing existing mappings (not additive)
  • Empty array removes all role mappings
Request
URI
PUT
https://{server}:9443/api/admin/global/config/roleMappings
COPY
Request Body
[
    {
        "role": "Migration Admin",
        "userGroups": [
            "vsphere.local\\Administrators",
            "vsphere.local\\HCX-Admins"
        ]
    }
]
array of RoleMapping
Optional
Authentication
This operation uses the following authentication methods.
Responses
200

Role mappings updated successfully

Returns RoleMappingResponse of type(s) application/json 
{
    "isSuccess": true,
    "message": "Resource created/modified",
    "httpStatusCode": 200
}
boolean
isSuccess
Required

Indicates if the operation was successful

string
message
Required

Human-readable response message

integer
httpStatusCode
Required

HTTP status code


500

Internal server error - Failed to update role mappings

Returns ErrorResponse of type(s) application/json 
{
    "isSuccess": false,
    "message": "Request schema validation failed",
    "httpStatusCode": 400
}
boolean
isSuccess
Required

Indicates if the operation was successful

string
message
Required

Human-readable error message

integer
httpStatusCode
Required

HTTP status code


Code Samples
COPY
                    curl -X PUT -H 'Authorization: <value>' -H 'Content-Type: application/json' -d '[{}]' https://{api_host}/api/admin/global/config/roleMappings
On This Page
Role Mappings Operations
GET
Get Vsphere Role Mappings
PUT
Update Vsphere Role Mappings
GET
Search Vcf Sso Groups
GET
Get Vcf Sso Role Mappings
PUT
Update Vcf Sso Role Mappings