5.5
Table Of Contents
- vCloud API Programming Guide
- Contents
- vCloud API Programming Guide
- About the VMware vCloud API
- Hello vCloud: A Simplified RESTful Workflow
- Exploring a Cloud
- Summary of vCloud API Browsing Requests
- Retrieve the Login URL and List of Supported API Versions
- Create a Login Session Using the Integrated Identity Provider
- Retrieve a List of Organizations Accessible to You
- Retrieve an Administrative View of a Cloud
- Retrieve a List of vSphere Platform Operations and Objects for a Cloud
- Provisioning an Organization
- Summary of vCloud API Provisioning Requests
- Upload an OVF Package to Create a vApp Template
- Download a vApp or vApp Template as OVF
- Upload a Media Image
- Download a Media Image
- Capturing and Importing vApps
- Managing Catalog Items
- Creating and Using Independent Disks
- View or Change the Owner of an Object
- Controlling Access to vApps and Catalogs
- Deploying and Operating vApps
- Summary of vCloud API vApp and Virtual Machine Operations Requests
- Create a vApp From a Template
- Create a vApp From an OVF Package
- Compose a vApp From Existing Virtual Machines
- Recompose a vApp to Add or Remove Virtual Machines
- Clone a vApp
- Capture a vApp as a Template
- Update vApp Access Controls
- Provide User Input Requested by a Virtual Machine
- Attach or Detach an Independent Disk
- Creating and Using vApp Snapshots
- Operate a vApp
- Configuring vApps and Virtual Machines
- Retrieve the Configuration Links for a vApp
- Retrieve the Configuration Links for a Virtual Machine
- Update Multiple Sections of a Virtual Machine
- Retrieve or Update a Modifiable Section
- Update a vApp Network Configuration
- Update the NetworkConnectionSection of a Virtual Machine
- Retrieve or Modify the CPU Configuration of a Virtual Machine
- Retrieve or Modify the GuestCustomizationSection of a Virtual Machine
- Retrieve or Modify ProductSection Elements
- Retrieve or Modify Groups of Related Sections in a Virtual Machine
- Retrieve or Modify the Hard Disk Configuration of a Virtual Machine
- Update the Storage Profile for a Virtual Machine
- Creating and Managing Organizations
- Summary of Administrative Requests
- Administrator Credentials and Privileges
- Organization Administration
- VDC Administration
- Network Administration
- Catalog Administration
- User and Group Administration
- Working With Roles and Rights
- Managing and Monitoring a Cloud
- Summary of System Administration Requests
- Retrieve or Update System Settings
- Attach a vCenter Server
- Finding Available vCenter Resources
- Create a Provider VDC
- Create an External Network
- Create a Network Pool
- Import a Virtual Machine from vCenter
- Relocate a Virtual Machine to a Different Datastore
- Truststore and Keytab Maintenance
- Retrieve the vSphere URL of an Object
- Working With Object Metadata
- Using the Query Service
- Configuring and Using Blocking Tasks and Notifications
- vCloud Director Extension Services
- XML Representations in the vCloud API
- Index
Working With Roles and Rights
A role associates a role name with a set of rights. A newly created organization includes a set of predefined
roles and rights inherited from the containing cloud. An organization administrator can add new roles or
modify predefined roles.
vCloud Director uses roles, and their associated rights, to determine whether a user or group is authorized
to perform an operation. When you create or import a user or group, you must assign it a role. You can use
one of the predefined roles, or you can create a role from existing rights.
Predefined roles and rights are properties of a cloud. Roles that an organization administrator creates are
properties of the organization.
NOTE You can create and modify rights associated with extension services, but not those associated with
vCloud Director. See “Create a Service-Specific Right,” on page 349
Predefined Roles and Their Rights
vCloud Director includes predefined roles. Each of these roles includes a set of default rights.
System Administrator
The system administrator has super-user rights for the entire system. System administrator credentials are
established during installation and configuration. A system administrator can create additional system
administrator accounts. All system administrators are members of the system organization. You cannot
modify the rights associated with this role.
Organization Roles
After creating an organization, a system administrator can assign the role of organization administrator to
any user in the organization. An organization administrator has super-user rights within that organization,
and can assign any of the predefined roles to the organization's users and groups.
Organization
Administrator
An organization administrator can assign the role of organization
administrator to any member of an organization.
Catalog Author
The rights associated with the catalog author role allow a user to create and
publish catalogs.
vApp Author
The rights associated with the vApp Author role allow a user to use catalogs
and create vApps.
vApp User
The rights associated with the vApp User role allow a user to use existing
vApps.
Console Access Only
The rights associated with the Console Access Only role allow a user to view
virtual machine state and properties and to use the guest OS.
Each predefined role includes a set of default rights. If an organization administrator modifies the set of
rights associated with a predefined role, those modifications apply only in the context of that organization.
If a system administrator modifies the set of rights associated with a predefined role, those modifications
apply to all organizations in the system.
You classify rights according to the objects to which they apply.
Rights Associated with Catalogs
Admin rights are granted to the system administrator throughout the system, and to an organization
administrator within the organization.
Chapter 6 Creating and Managing Organizations
VMware, Inc. 227