Authorization Manager Set Entity Permissions

Defines one or more permission rules on an entity or updates rules if already present for the given user or group on the entity.

If a permission is specified multiple times for the same user or group, then the last permission specified takes effect.

The operation is applied transactionally per permission and is applied to the entity following the order of the elements in the permission array argument. This means that if a failure occurs, the method terminates at that point in the permission array with an exception, leaving at least one and as many as all permissions unapplied.

This will fail with an InvalidArgument fault if called on: the direct child folders of a datacenter managed object, the root resource pool of a ComputeResource or ClusterComputeResource, or a HostSystem that is part of a ComputeResource (Stand-alone Host). These objects always have the same permissions as their parent.

This will fail with an InvalidArgument fault if called on a fault-tolerance (FT) secondary VirtualMachine. Such a VirtualMachine always has the same permissions as its FT primary VirtualMachine.

Request

URI

POST

https://{vcenter-host}/sdk/vim25/{release}/AuthorizationManager/{moId}/SetEntityPermissions

COPY

Path Parameters

string

moId

Required

The unique identifier for the managed object to which the method attaches; the serialized managed object reference for a request has the form moType/moId, in this case AuthorizationManager/{moId}.

string

release

Required

The vSphere release schema. The current specification covers vSphere 8.0.2.0 APIs.

Request Body

SetEntityPermissionsRequestType of type(s) application/json

Required

{
    "entity": {
        "type": "string",
        "value": "string"
    },
    "permission": [
        {
            "_typeName": "string",
            "entity": {
                "type": "string",
                "value": "string"
            },
            "principal": "string",
            "group": false,
            "roleId": 0,
            "propagate": false
        }
    ]
}

MoRefManagedEntity

entity

Required

Reference to an instance of the ManagedEntity managed object.

array of Permission

permission

Optional

An array of specifications for permissions on the entity.

Authentication

This operation uses the following authentication methods.

Session

Responses

204

No Content

Operation doesn't return any data structure

500

ManagedObjectNotFound: if the given entity does not exist.

UserNotFound: if a given user or group does not exist.

AuthMinimumAdminPermission: if this change would leave the system with no Administrator permission on the root node, or it would grant further permission to a user or group who already has Administrator permission on the root node.

NotFound: if a permission's roleId is not valid.

InvalidArgument: if one of the new role IDs is the View or Anonymous role, or the entity does not support assigning permissions.

NoPermission: if current session does not have any privilege in any permission that being set or "Authorization.ModifyPermissions" privilege on the entity.

Returns VimFault of type(s) application/json

This response body class contains all of the following: MethodFault

{
    "_typeName": "string",
    "faultCause": "MethodFault Object",
    "faultMessage": [
        {
            "_typeName": "string",
            "key": "string",
            "arg": [
                {
                    "_typeName": "string",
                    "key": "string",
                    "value": {
                        "_typeName": "string"
                    }
                }
            ],
            "message": "string"
        }
    ]
}

On This Page

Description

Request

Path Parameters

Request Body

Authentication

Response

204 Response Body

Errors

Authorization Manager Operations

POST

Authorization Manager Add Authorization Role