Authorization Manager Set Entity Permissions
Defines one or more permission rules on an entity or updates rules if already present for the given user or group on the entity.
If a permission is specified multiple times for the same user or group, then the last permission specified takes effect.
The operation is applied transactionally per permission and is applied to the entity following the order of the elements in the permission array argument. This means that if a failure occurs, the method terminates at that point in the permission array with an exception, leaving at least one and as many as all permissions unapplied.
This will fail with an InvalidArgument fault if called on: the direct child folders of a datacenter managed object, the root resource pool of a ComputeResource or ClusterComputeResource, or a HostSystem that is part of a ComputeResource (Stand-alone Host). These objects always have the same permissions as their parent.
This will fail with an InvalidArgument fault if called on a fault-tolerance (FT) secondary VirtualMachine. Such a VirtualMachine always has the same permissions as its FT primary VirtualMachine.
The unique identifier for the managed object to which the method attaches; the serialized managed object reference for a request has the form moType/moId
, in this case AuthorizationManager/{moId}
.
The vSphere release schema. The current specification covers vSphere 8.0.2.0 APIs.
{
"entity": {
"_typeName": "string",
"type": "string",
"value": "string"
},
"permission": [
{
"_typeName": "string",
"entity": {
"_typeName": "string",
"type": "string",
"value": "string"
},
"principal": "string",
"group": false,
"roleId": 0,
"propagate": false
}
]
}
No Content
ManagedObjectNotFound: if the given entity does not exist.
UserNotFound: if a given user or group does not exist.
AuthMinimumAdminPermission: if this change would leave the system with no Administrator permission on the root node, or it would grant further permission to a user or group who already has Administrator permission on the root node.
NotFound: if a permission's roleId is not valid.
InvalidArgument: if one of the new role IDs is the View or Anonymous role, or the entity does not support assigning permissions.
NoPermission: if current session does not have any privilege in any permission that being set or "Authorization.ModifyPermissions" privilege on the entity.
{
"_typeName": "string",
"faultCause": "MethodFault Object",
"faultMessage": [
{
"_typeName": "string",
"key": "string",
"arg": [
{
"_typeName": "string",
"key": "string",
"value": {
"_typeName": "string"
}
}
],
"message": "string"
}
]
}