Authorization APIs
The vcenter authorization package provides services for managing authorization.
The PrivilegeChecks service provides operations for retrieving permission privilege checks recorded by VPXD. The privilege checks are recorded as VPXD makes them. The latest recorded privilege check can be retrieved by a call to vcenter authorization privilege_checks Latest get This allows for querying of all privilege checks before or after that moment. For example, if an administrator wants to record the privilege checks made by a given UI workflow, they can do the following. 1. Retrieve the latest privilege check and store it. 2. Go through the UI workflow. 3. Retrieve the latest privilege check and store it. 4. Invoke com.vmware.vcenter.authorization.PrivilegeChecks.list with the values from steps 1) and 3) along with any additional filters.
The LatestPrivilegeChecks service provides operations for getting the latest recorded privilege check.
The Mappings service can be used to manage the relationship between containerized objects and vTContainer instances. A containerized object is any data object that is associated with a vTContainer instance, and can be of any resource type. Each vTContainer instance can hold any number of containerized objects, but there is a service defined limit to the number of vTContainer instances that can be associated with a single containerized object.
When a containerized object is deleted, its mappings to vTContainer instances are automatically removed. However, a vTContainer instance cannot be deleted until all mappings to it have been removed.