Create Namespace Domain Subject Access

Create Namespace Domain Subject Access

Set up access control for the subject on given domain on the namespace.

Request
URI
POST
https://{api_host}/api/vcenter/namespaces/instances/{namespace}/access/{domain}/{subject}
COPY
Path Parameters
string
namespace
Required

Identifier for the namespace. The parameter must be an identifier for the resource type: com.vmware.vcenter.namespaces.Instance.

string
domain
Required

The domain of the subject.

string
subject
Required

The principal for this operation.

Query Parameters
type
Required

The type of subject (USER or GROUP).


Request Body
Namespaces_Access_CreateSpec of type(s) application/json
Required

Show optional properties

{
    "role": "string"
}
{
    "role": "string",
    "identity_provider": "string"
}
role
Required

The Access.Role enumerated type lists the default roles which can be associated with a subject on a domain on the namespace.
OWNER : This role allows modification and deletion of the namespace.
EDIT : This role allows modification of the namespace.
VIEW : This is a read-only role on the namespace.

string
identity_provider
Optional

UUID of an external identity provider for the user, if any. Use this field if the user is coming from an external identity provider configured via the com.vmware.vcenter.namespace_management.supervisors.identity.Providers service. If unset, vCenter Single Sign-On will be used as the identity provider. When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider.

Authentication
This operation uses the following authentication methods.
Responses
204
Operation doesn't return any data structure

400

com.vmware.vapi.std.errors.already_exists : if the specified principal on given domain is already associated with a role on the namespace. | com.vmware.vapi.std.errors.not_allowed_in_current_state : if the namespace is marked for deletion or the associated cluster is being disabled. | com.vmware.vapi.std.errors.invalid_argument : if spec contains any errors or if an invalid type is specified. | com.vmware.vapi.std.errors.unsupported : if the specified principal on given domain is not associated with the namespace, or when the user or group does not come from vSphere SSO and the OWNER role is being granted.

Returns Std_Errors_Error of type(s) application/json
{
    "messages": [
        {
            "id": "string",
            "default_message": "string",
            "args": [
                "string"
            ],
            "params": {
                "params": {
                    "s": "string",
                    "dt": "string",
                    "i": 0,
                    "d": "number",
                    "l": {
                        "id": "string",
                        "params": {
                            "params": "Std_LocalizationParam Object"
                        }
                    },
                    "format": "string",
                    "precision": 0
                }
            },
            "localized": "string"
        }
    ],
    "data": {},
    "error_type": "string"
}
messages
Required

Stack of one or more localizable messages for human error consumers. The message at the top of the stack (first in the list) describes the error from the perspective of the operation the client invoked.

Each subsequent message in the stack describes the "cause" of the prior message.

object
data
Optional

Data to facilitate clients responding to the operation reporting a standard error to indicating that it was unable to complete successfully. Operations may provide data that clients can use when responding to errors. Since the data that clients need may be specific to the context of the operation reporting the error, different operations that report the same error may provide different data in the error. The documentation for each each operation will describe what, if any, data it provides for each error it reports.

The ArgumentLocations, FileLocations, and TransientIndication structures are intended as possible values for this field. DynamicID may also be useful as a value for this field (although that is not its primary purpose). Some services may provide their own specific structures for use as the value of this field when reporting errors from their operations.

Some operations will not set this field when reporting errors.

error_type
Optional

Enumeration of all standard errors. Used as discriminator in protocols that have no standard means for transporting the error type, e.g. REST.
ERROR : Discriminator for the Error type.
ALREADY_EXISTS : Discriminator for the AlreadyExists type.
ALREADY_IN_DESIRED_STATE : Discriminator for the AlreadyInDesiredState type.
CANCELED : Discriminator for the Canceled type.
CONCURRENT_CHANGE : Discriminator for the ConcurrentChange type.
FEATURE_IN_USE : Discriminator for the FeatureInUse type.
INTERNAL_SERVER_ERROR : Discriminator for the InternalServerError type.
INVALID_ARGUMENT : Discriminator for the InvalidArgument type.
INVALID_ELEMENT_CONFIGURATION : Discriminator for the InvalidElementConfiguration type.
INVALID_ELEMENT_TYPE : Discriminator for the InvalidElementType type.
INVALID_REQUEST : Discriminator for the InvalidRequest type.
NOT_ALLOWED_IN_CURRENT_STATE : Discriminator for the NotAllowedInCurrentState type.
NOT_FOUND : Discriminator for the NotFound type.
OPERATION_NOT_FOUND : Discriminator for the OperationNotFound type.
RESOURCE_BUSY : Discriminator for the ResourceBusy type.
RESOURCE_IN_USE : Discriminator for the ResourceInUse type.
RESOURCE_INACCESSIBLE : Discriminator for the ResourceInaccessible type.
SERVICE_UNAVAILABLE : Discriminator for the ServiceUnavailable type.
TIMED_OUT : Discriminator for the TimedOut type.
UNABLE_TO_ALLOCATE_RESOURCE : Discriminator for the UnableToAllocateResource type.
UNAUTHENTICATED : Discriminator for the Unauthenticated type.
UNAUTHORIZED : Discriminator for the Unauthorized type.
UNEXPECTED_INPUT : Discriminator for the UnexpectedInput type.
UNSUPPORTED : Discriminator for the Unsupported type.
UNVERIFIED_PEER : Discriminator for the UnverifiedPeer type.


401

com.vmware.vapi.std.errors.unauthenticated : if the user can not be authenticated.

Returns Std_Errors_Error of type(s) application/json
{
    "messages": [
        {
            "id": "string",
            "default_message": "string",
            "args": [
                "string"
            ],
            "params": {
                "params": {
                    "s": "string",
                    "dt": "string",
                    "i": 0,
                    "d": "number",
                    "l": {
                        "id": "string",
                        "params": {
                            "params": "Std_LocalizationParam Object"
                        }
                    },
                    "format": "string",
                    "precision": 0
                }
            },
            "localized": "string"
        }
    ],
    "data": {},
    "error_type": "string"
}
messages
Required

Stack of one or more localizable messages for human error consumers. The message at the top of the stack (first in the list) describes the error from the perspective of the operation the client invoked.

Each subsequent message in the stack describes the "cause" of the prior message.

object
data
Optional

Data to facilitate clients responding to the operation reporting a standard error to indicating that it was unable to complete successfully. Operations may provide data that clients can use when responding to errors. Since the data that clients need may be specific to the context of the operation reporting the error, different operations that report the same error may provide different data in the error. The documentation for each each operation will describe what, if any, data it provides for each error it reports.

The ArgumentLocations, FileLocations, and TransientIndication structures are intended as possible values for this field. DynamicID may also be useful as a value for this field (although that is not its primary purpose). Some services may provide their own specific structures for use as the value of this field when reporting errors from their operations.

Some operations will not set this field when reporting errors.

error_type
Optional

Enumeration of all standard errors. Used as discriminator in protocols that have no standard means for transporting the error type, e.g. REST.
ERROR : Discriminator for the Error type.
ALREADY_EXISTS : Discriminator for the AlreadyExists type.
ALREADY_IN_DESIRED_STATE : Discriminator for the AlreadyInDesiredState type.
CANCELED : Discriminator for the Canceled type.
CONCURRENT_CHANGE : Discriminator for the ConcurrentChange type.
FEATURE_IN_USE : Discriminator for the FeatureInUse type.
INTERNAL_SERVER_ERROR : Discriminator for the InternalServerError type.
INVALID_ARGUMENT : Discriminator for the InvalidArgument type.
INVALID_ELEMENT_CONFIGURATION : Discriminator for the InvalidElementConfiguration type.
INVALID_ELEMENT_TYPE : Discriminator for the InvalidElementType type.
INVALID_REQUEST : Discriminator for the InvalidRequest type.
NOT_ALLOWED_IN_CURRENT_STATE : Discriminator for the NotAllowedInCurrentState type.
NOT_FOUND : Discriminator for the NotFound type.
OPERATION_NOT_FOUND : Discriminator for the OperationNotFound type.
RESOURCE_BUSY : Discriminator for the ResourceBusy type.
RESOURCE_IN_USE : Discriminator for the ResourceInUse type.
RESOURCE_INACCESSIBLE : Discriminator for the ResourceInaccessible type.
SERVICE_UNAVAILABLE : Discriminator for the ServiceUnavailable type.
TIMED_OUT : Discriminator for the TimedOut type.
UNABLE_TO_ALLOCATE_RESOURCE : Discriminator for the UnableToAllocateResource type.
UNAUTHENTICATED : Discriminator for the Unauthenticated type.
UNAUTHORIZED : Discriminator for the Unauthorized type.
UNEXPECTED_INPUT : Discriminator for the UnexpectedInput type.
UNSUPPORTED : Discriminator for the Unsupported type.
UNVERIFIED_PEER : Discriminator for the UnverifiedPeer type.


403

com.vmware.vapi.std.errors.unauthorized : if the user does not have Namespaces.Configure privilege or the namespace identifier begins with "vmware-system" prefix.

Returns Std_Errors_Error of type(s) application/json
{
    "messages": [
        {
            "id": "string",
            "default_message": "string",
            "args": [
                "string"
            ],
            "params": {
                "params": {
                    "s": "string",
                    "dt": "string",
                    "i": 0,
                    "d": "number",
                    "l": {
                        "id": "string",
                        "params": {
                            "params": "Std_LocalizationParam Object"
                        }
                    },
                    "format": "string",
                    "precision": 0
                }
            },
            "localized": "string"
        }
    ],
    "data": {},
    "error_type": "string"
}
messages
Required

Stack of one or more localizable messages for human error consumers. The message at the top of the stack (first in the list) describes the error from the perspective of the operation the client invoked.

Each subsequent message in the stack describes the "cause" of the prior message.

object
data
Optional

Data to facilitate clients responding to the operation reporting a standard error to indicating that it was unable to complete successfully. Operations may provide data that clients can use when responding to errors. Since the data that clients need may be specific to the context of the operation reporting the error, different operations that report the same error may provide different data in the error. The documentation for each each operation will describe what, if any, data it provides for each error it reports.

The ArgumentLocations, FileLocations, and TransientIndication structures are intended as possible values for this field. DynamicID may also be useful as a value for this field (although that is not its primary purpose). Some services may provide their own specific structures for use as the value of this field when reporting errors from their operations.

Some operations will not set this field when reporting errors.

error_type
Optional

Enumeration of all standard errors. Used as discriminator in protocols that have no standard means for transporting the error type, e.g. REST.
ERROR : Discriminator for the Error type.
ALREADY_EXISTS : Discriminator for the AlreadyExists type.
ALREADY_IN_DESIRED_STATE : Discriminator for the AlreadyInDesiredState type.
CANCELED : Discriminator for the Canceled type.
CONCURRENT_CHANGE : Discriminator for the ConcurrentChange type.
FEATURE_IN_USE : Discriminator for the FeatureInUse type.
INTERNAL_SERVER_ERROR : Discriminator for the InternalServerError type.
INVALID_ARGUMENT : Discriminator for the InvalidArgument type.
INVALID_ELEMENT_CONFIGURATION : Discriminator for the InvalidElementConfiguration type.
INVALID_ELEMENT_TYPE : Discriminator for the InvalidElementType type.
INVALID_REQUEST : Discriminator for the InvalidRequest type.
NOT_ALLOWED_IN_CURRENT_STATE : Discriminator for the NotAllowedInCurrentState type.
NOT_FOUND : Discriminator for the NotFound type.
OPERATION_NOT_FOUND : Discriminator for the OperationNotFound type.
RESOURCE_BUSY : Discriminator for the ResourceBusy type.
RESOURCE_IN_USE : Discriminator for the ResourceInUse type.
RESOURCE_INACCESSIBLE : Discriminator for the ResourceInaccessible type.
SERVICE_UNAVAILABLE : Discriminator for the ServiceUnavailable type.
TIMED_OUT : Discriminator for the TimedOut type.
UNABLE_TO_ALLOCATE_RESOURCE : Discriminator for the UnableToAllocateResource type.
UNAUTHENTICATED : Discriminator for the Unauthenticated type.
UNAUTHORIZED : Discriminator for the Unauthorized type.
UNEXPECTED_INPUT : Discriminator for the UnexpectedInput type.
UNSUPPORTED : Discriminator for the Unsupported type.
UNVERIFIED_PEER : Discriminator for the UnverifiedPeer type.


404

com.vmware.vapi.std.errors.not_found : if namespace cannot be located.

Returns Std_Errors_Error of type(s) application/json
{
    "messages": [
        {
            "id": "string",
            "default_message": "string",
            "args": [
                "string"
            ],
            "params": {
                "params": {
                    "s": "string",
                    "dt": "string",
                    "i": 0,
                    "d": "number",
                    "l": {
                        "id": "string",
                        "params": {
                            "params": "Std_LocalizationParam Object"
                        }
                    },
                    "format": "string",
                    "precision": 0
                }
            },
            "localized": "string"
        }
    ],
    "data": {},
    "error_type": "string"
}
messages
Required

Stack of one or more localizable messages for human error consumers. The message at the top of the stack (first in the list) describes the error from the perspective of the operation the client invoked.

Each subsequent message in the stack describes the "cause" of the prior message.

object
data
Optional

Data to facilitate clients responding to the operation reporting a standard error to indicating that it was unable to complete successfully. Operations may provide data that clients can use when responding to errors. Since the data that clients need may be specific to the context of the operation reporting the error, different operations that report the same error may provide different data in the error. The documentation for each each operation will describe what, if any, data it provides for each error it reports.

The ArgumentLocations, FileLocations, and TransientIndication structures are intended as possible values for this field. DynamicID may also be useful as a value for this field (although that is not its primary purpose). Some services may provide their own specific structures for use as the value of this field when reporting errors from their operations.

Some operations will not set this field when reporting errors.

error_type
Optional

Enumeration of all standard errors. Used as discriminator in protocols that have no standard means for transporting the error type, e.g. REST.
ERROR : Discriminator for the Error type.
ALREADY_EXISTS : Discriminator for the AlreadyExists type.
ALREADY_IN_DESIRED_STATE : Discriminator for the AlreadyInDesiredState type.
CANCELED : Discriminator for the Canceled type.
CONCURRENT_CHANGE : Discriminator for the ConcurrentChange type.
FEATURE_IN_USE : Discriminator for the FeatureInUse type.
INTERNAL_SERVER_ERROR : Discriminator for the InternalServerError type.
INVALID_ARGUMENT : Discriminator for the InvalidArgument type.
INVALID_ELEMENT_CONFIGURATION : Discriminator for the InvalidElementConfiguration type.
INVALID_ELEMENT_TYPE : Discriminator for the InvalidElementType type.
INVALID_REQUEST : Discriminator for the InvalidRequest type.
NOT_ALLOWED_IN_CURRENT_STATE : Discriminator for the NotAllowedInCurrentState type.
NOT_FOUND : Discriminator for the NotFound type.
OPERATION_NOT_FOUND : Discriminator for the OperationNotFound type.
RESOURCE_BUSY : Discriminator for the ResourceBusy type.
RESOURCE_IN_USE : Discriminator for the ResourceInUse type.
RESOURCE_INACCESSIBLE : Discriminator for the ResourceInaccessible type.
SERVICE_UNAVAILABLE : Discriminator for the ServiceUnavailable type.
TIMED_OUT : Discriminator for the TimedOut type.
UNABLE_TO_ALLOCATE_RESOURCE : Discriminator for the UnableToAllocateResource type.
UNAUTHENTICATED : Discriminator for the Unauthenticated type.
UNAUTHORIZED : Discriminator for the Unauthorized type.
UNEXPECTED_INPUT : Discriminator for the UnexpectedInput type.
UNSUPPORTED : Discriminator for the Unsupported type.
UNVERIFIED_PEER : Discriminator for the UnverifiedPeer type.


500

com.vmware.vapi.std.errors.error : if the system reports an error while responding to the request.

Returns Std_Errors_Error of type(s) application/json
{
    "messages": [
        {
            "id": "string",
            "default_message": "string",
            "args": [
                "string"
            ],
            "params": {
                "params": {
                    "s": "string",
                    "dt": "string",
                    "i": 0,
                    "d": "number",
                    "l": {
                        "id": "string",
                        "params": {
                            "params": "Std_LocalizationParam Object"
                        }
                    },
                    "format": "string",
                    "precision": 0
                }
            },
            "localized": "string"
        }
    ],
    "data": {},
    "error_type": "string"
}
messages
Required

Stack of one or more localizable messages for human error consumers. The message at the top of the stack (first in the list) describes the error from the perspective of the operation the client invoked.

Each subsequent message in the stack describes the "cause" of the prior message.

object
data
Optional

Data to facilitate clients responding to the operation reporting a standard error to indicating that it was unable to complete successfully. Operations may provide data that clients can use when responding to errors. Since the data that clients need may be specific to the context of the operation reporting the error, different operations that report the same error may provide different data in the error. The documentation for each each operation will describe what, if any, data it provides for each error it reports.

The ArgumentLocations, FileLocations, and TransientIndication structures are intended as possible values for this field. DynamicID may also be useful as a value for this field (although that is not its primary purpose). Some services may provide their own specific structures for use as the value of this field when reporting errors from their operations.

Some operations will not set this field when reporting errors.

error_type
Optional

Enumeration of all standard errors. Used as discriminator in protocols that have no standard means for transporting the error type, e.g. REST.
ERROR : Discriminator for the Error type.
ALREADY_EXISTS : Discriminator for the AlreadyExists type.
ALREADY_IN_DESIRED_STATE : Discriminator for the AlreadyInDesiredState type.
CANCELED : Discriminator for the Canceled type.
CONCURRENT_CHANGE : Discriminator for the ConcurrentChange type.
FEATURE_IN_USE : Discriminator for the FeatureInUse type.
INTERNAL_SERVER_ERROR : Discriminator for the InternalServerError type.
INVALID_ARGUMENT : Discriminator for the InvalidArgument type.
INVALID_ELEMENT_CONFIGURATION : Discriminator for the InvalidElementConfiguration type.
INVALID_ELEMENT_TYPE : Discriminator for the InvalidElementType type.
INVALID_REQUEST : Discriminator for the InvalidRequest type.
NOT_ALLOWED_IN_CURRENT_STATE : Discriminator for the NotAllowedInCurrentState type.
NOT_FOUND : Discriminator for the NotFound type.
OPERATION_NOT_FOUND : Discriminator for the OperationNotFound type.
RESOURCE_BUSY : Discriminator for the ResourceBusy type.
RESOURCE_IN_USE : Discriminator for the ResourceInUse type.
RESOURCE_INACCESSIBLE : Discriminator for the ResourceInaccessible type.
SERVICE_UNAVAILABLE : Discriminator for the ServiceUnavailable type.
TIMED_OUT : Discriminator for the TimedOut type.
UNABLE_TO_ALLOCATE_RESOURCE : Discriminator for the UnableToAllocateResource type.
UNAUTHENTICATED : Discriminator for the Unauthenticated type.
UNAUTHORIZED : Discriminator for the Unauthorized type.
UNEXPECTED_INPUT : Discriminator for the UnexpectedInput type.
UNSUPPORTED : Discriminator for the Unsupported type.
UNVERIFIED_PEER : Discriminator for the UnverifiedPeer type.


default

'Default' means this response is used for all HTTP codes that are not covered individually for this operation.

Returns Std_Errors_Error of type(s) application/json
{
    "messages": [
        {
            "id": "string",
            "default_message": "string",
            "args": [
                "string"
            ],
            "params": {
                "params": {
                    "s": "string",
                    "dt": "string",
                    "i": 0,
                    "d": "number",
                    "l": {
                        "id": "string",
                        "params": {
                            "params": "Std_LocalizationParam Object"
                        }
                    },
                    "format": "string",
                    "precision": 0
                }
            },
            "localized": "string"
        }
    ],
    "data": {},
    "error_type": "string"
}
messages
Required

Stack of one or more localizable messages for human error consumers. The message at the top of the stack (first in the list) describes the error from the perspective of the operation the client invoked.

Each subsequent message in the stack describes the "cause" of the prior message.

object
data
Optional

Data to facilitate clients responding to the operation reporting a standard error to indicating that it was unable to complete successfully. Operations may provide data that clients can use when responding to errors. Since the data that clients need may be specific to the context of the operation reporting the error, different operations that report the same error may provide different data in the error. The documentation for each each operation will describe what, if any, data it provides for each error it reports.

The ArgumentLocations, FileLocations, and TransientIndication structures are intended as possible values for this field. DynamicID may also be useful as a value for this field (although that is not its primary purpose). Some services may provide their own specific structures for use as the value of this field when reporting errors from their operations.

Some operations will not set this field when reporting errors.

error_type
Optional

Enumeration of all standard errors. Used as discriminator in protocols that have no standard means for transporting the error type, e.g. REST.
ERROR : Discriminator for the Error type.
ALREADY_EXISTS : Discriminator for the AlreadyExists type.
ALREADY_IN_DESIRED_STATE : Discriminator for the AlreadyInDesiredState type.
CANCELED : Discriminator for the Canceled type.
CONCURRENT_CHANGE : Discriminator for the ConcurrentChange type.
FEATURE_IN_USE : Discriminator for the FeatureInUse type.
INTERNAL_SERVER_ERROR : Discriminator for the InternalServerError type.
INVALID_ARGUMENT : Discriminator for the InvalidArgument type.
INVALID_ELEMENT_CONFIGURATION : Discriminator for the InvalidElementConfiguration type.
INVALID_ELEMENT_TYPE : Discriminator for the InvalidElementType type.
INVALID_REQUEST : Discriminator for the InvalidRequest type.
NOT_ALLOWED_IN_CURRENT_STATE : Discriminator for the NotAllowedInCurrentState type.
NOT_FOUND : Discriminator for the NotFound type.
OPERATION_NOT_FOUND : Discriminator for the OperationNotFound type.
RESOURCE_BUSY : Discriminator for the ResourceBusy type.
RESOURCE_IN_USE : Discriminator for the ResourceInUse type.
RESOURCE_INACCESSIBLE : Discriminator for the ResourceInaccessible type.
SERVICE_UNAVAILABLE : Discriminator for the ServiceUnavailable type.
TIMED_OUT : Discriminator for the TimedOut type.
UNABLE_TO_ALLOCATE_RESOURCE : Discriminator for the UnableToAllocateResource type.
UNAUTHENTICATED : Discriminator for the Unauthenticated type.
UNAUTHORIZED : Discriminator for the Unauthorized type.
UNEXPECTED_INPUT : Discriminator for the UnexpectedInput type.
UNSUPPORTED : Discriminator for the Unsupported type.
UNVERIFIED_PEER : Discriminator for the UnverifiedPeer type.