Get Access
Get the information about the access control of the subject on given domain on the namespace.
Request
URLURL
https://{api_host}/api/vcenter/namespaces/instances/{namespace}/access/{domain}/{subject}
Path Parameters
Path Parameters
string
namespace
Required
Identifier for the namespace. The parameter must be an identifier for the resource type: com.vmware.vcenter.namespaces.Instance.
string
domain
Required
The domain of the subject.
string
subject
Required
The principal for this operation.
Query Parameters
Query Parameters
Header Parameters
Header Parameters
string
vmware-api-session-id
Required
Required session ID, acquired from Create Session API under CIS product
vmware-api-session-id example
"b00db39f948d13ea1e59b4d6fce56389"
Authentication
This operation uses the following authentication methods.
Response
Response
Response BodyResponse Body
200 OK returns
NamespacesAccessInfo
of type application/json
Information about the subject including the type and the role on the namespace.
{
"identity_provider": "string",
"inherited": false,
"role": "OWNER"
}
role
Required
The Access.Role enumerated type lists the default roles which can be associated with a subject on a domain on the namespace.
OWNER : This role allows modification and deletion of the namespace.
EDIT : This role allows modification of the namespace.
VIEW : This is a read-only role on the namespace.
Possible values are: OWNER , EDIT , VIEW
string
identity_provider
Optional
UUID of an external identity provider for the user, if any. Use this field if the user is coming from an external identity provider configured via the com.vmware.vcenter.namespace_management.supervisors.identity.Providers service. If unset, vCenter Single Sign-On will be used as the identity provider. When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider.
boolean
inherited
Optional
Flag to indicate if the Access.Info.role is direct or inherited. The value is set to true if the Access.Info.role is inherited from group membership This field is optional because it was added in a newer version than its parent node.
Errors
400
com.vmware.vapi.std.errors.unsupported : if the specified principal on given domain is not associated with the namespace.
403
com.vmware.vapi.std.errors.unauthorized : if the user does not have System.Read privilege.
500
com.vmware.vapi.std.errors.error : if the system reports an error while responding to the request.
default
‘Default’ means this response is used for all HTTP codes that are not covered individually for this operation.
Code Samples
PowerCLI Client SDK Example
Invoke-GetNamespaceDomainSubjectAccess -Namespace "MyNamespace" -Domain "MyDomain" -Subject "MySubject" -Type "USER"
cURL Command
curl -H "vmware-api-session-id: b00db39f948d13ea1e59b4d6fce56389" https://{api_host}/api/vcenter/namespaces/instances/{namespace}/access/{domain}/{subject}?type=string
Vendor Extensions
This operation contains the following vendor extensions defined in the spec:
x-vmw-doc-operation: get
Availability
Added in 7.0.0.0
