Host Access Manager Update Lockdown Exceptions

Update the list of users which are exceptions for lockdown mode.

Usually these are user accounts used by third party solutions and external applications which need to continue to function in lockdown mode. It is not advised to add user accounts used by human operators, because this will compromise the purpose of lockdown mode.

Both local and domain users are supported. The format for domain accounts is "DOMAIN\login".

When this API is called when the host is in lockdown mode, the behaviour is as follows:

if a user is removed from the exceptions list, then the permissions of that user are removed.
if a user is added to the exceptions list, then the permissions of that user are restored.

As of vSphere API 9.1, all user names in the specified list can be prefixed with '+' (plus) or '-' (minus) sign. In this case, either all names must have a '+' or '-' prefix, or all names must have no prefix.

Required privileges: Global.Settings

Request

URI

POST

https://{vcenter-host}/sdk/vim25/{release}/HostAccessManager/{moId}/UpdateLockdownExceptions

COPY

Path Parameters

string

moId

Required

The unique identifier for the managed object to which the method attaches; the serialized managed object reference for a request has the form moType/moId, in this case HostAccessManager/{moId}.

string

release

Required

The vSphere release schema. The current specification covers vSphere 9.1.0.0 APIs.

Request Body

UpdateLockdownExceptionsRequestType of type(s) application/json

Optional

{
    "users": [
        "string"
    ]
}

array of string

users

Optional

the new list of lockdown mode exceptions, or a list of users to set or unset as lockdown exceptions depending on the '+' or '-' prefix of each user name. If a user name starts with '+' then it will be added to the current list of lockdown exceptions. If a user name starts with '-' then it will be removed from the current list of lockdown exceptions.

Authentication

This operation uses the following authentication methods.

Session

Responses

204

No Content

Operation doesn't return any data structure

500

AuthMinimumAdminPermission: if the user invoking the operation is not present in the new list of exceptions.

UserNotFound: if one of the specified users is not found.

Returns VimFault of type(s) application/json

This response body class contains all of the following: MethodFault

{
    "_typeName": "string",
    "faultCause": {
        "_typeName": "string",
        "faultCause": "MethodFault Object",
        "faultMessage": [
            {
                "_typeName": "string",
                "key": "string",
                "arg": [
                    {
                        "_typeName": "string",
                        "key": "string",
                        "value": {
                            "_typeName": "string"
                        }
                    }
                ],
                "message": "string"
            }
        ]
    },
    "faultMessage": [
        {
            "_typeName": "string",
            "key": "string",
            "arg": [
                {
                    "_typeName": "string",
                    "key": "string",
                    "value": {
                        "_typeName": "string"
                    }
                }
            ],
            "message": "string"
        }
    ]
}

Code Samples

COPY

                    curl -X POST -H 'Authorization: <value>' -H 'Content-Type: application/json' -d '{}' https://{api_host}/sdk/vim25/{release}/HostAccessManager/{moId}/UpdateLockdownExceptions

On This Page

Description

Request

Path Parameters

Request Body

Authentication

Response

204 Response Body

Errors

Virtual Infrastructure Operations

POST

Host Access Manager Change Access Mode