4.2.1

Table Of Contents
+rx ../server/vmo/conf/plugins
+rx ../server/vmo/deploy/vmo-server/vmo-ds.xml
+rx ../../apps/
+r ../../version.txt
5 Save and close the file.
You can now set the server file system access from workflows and JavaScript.
Set JavaScript Access to Operating System Commands
The Orchestrator API provides a scripting class, Command, that runs commands in the Orchestrator server host
operating system. To prevent unauthorized access to the Orchestrator server host, by default, Orchestrator
applications do not have permission to run the Command class. If Orchestrator applications require permission
to run commands on the host operating system, you can activate the Command scripting class.
You grant permission to use the Command class by setting a system property in the vmo.properties properties
file.
Procedure
1 Navigate to the following folder on the Orchestrator server system.
Option Action
If you installed Orchestrator with the
vCenter Server installer
Go to
install_directory
\VMware\Infrastructure\Orchestrator\app-
server\server\vmo\conf.
If you installed the standalone
version of Orchestrator
Go to
install_directory
\VMware\Orchestrator\app-
server\server\vmo\conf.
2 Open the vmo.properties configuration file in a text editor.
3 Set the com.vmware.js.allow-local-process system property by adding the following line to the
vmo.properties file.
com.vmware.js.allow-local-process=true
4 Save the vmo.properties file.
5 Restart the Orchestrator server.
You granted permissions to Orchestrator applications to run local commands in the Orchestrator server host
operating system.
NOTE By setting the com.vmware.js.allow-local-process system property to true, you allow the Command
scripting class to write anywhere in the file system. This property overrides any file system access permissions
that you set in the js-io-rights.conf file for the Command scripting class only. The file system access permissions
that you set in the js-io-rights.conf file still apply to all scripting classes other than Command.
Set JavaScript Access to Java Classes
By default, Orchestrator restricts JavaScript access to a limited set of Java classes. If you require JavaScript
access to a wider range of Java classes, you must set an Orchestrator system property to allow this access.
Allowing the JavaScript engine full access to the Java virtual machine (JVM) presents potential security issues.
Malformed or malicious scripts might have access to all of the system components to which the user who runs
the Orchestrator server has access. Consequently, by default the Orchestrator JavaScript engine can access only
the classes in the java.util.* package.
Chapter 6 Setting System Properties
VMware, Inc. 51