Create Access
Set up access control for the subject on given domain on the namespace.
Request
URLURL
https://{api_host}/api/vcenter/namespaces/instances/{namespace}/access/{domain}/{subject}
Path Parameters
Path Parameters
string
namespace
Required
Identifier for the namespace. The parameter must be an identifier for the resource type: com.vmware.vcenter.namespaces.Instance.
string
domain
Required
The domain of the subject.
string
subject
Required
The principal for this operation.
Query Parameters
Query Parameters
Header Parameters
Header Parameters
string
vmware-api-session-id
Required
Required session ID, acquired from Create Session API under CIS product
vmware-api-session-id example
"b00db39f948d13ea1e59b4d6fce56389"
Request Body
Request Body
NamespacesAccessCreateSpec of mimetype application/json
Required
Information about the access control to be created.
{
"role": "OWNER"
}
role
Required
The Access.Role enumerated type lists the default roles which can be associated with a subject on a domain on the namespace.
OWNER : This role allows modification and deletion of the namespace.
EDIT : This role allows modification of the namespace.
VIEW : This is a read-only role on the namespace.
Possible values are: OWNER , EDIT , VIEW
string
identity_provider
Optional
UUID of an external identity provider for the user, if any. Use this field if the user is coming from an external identity provider configured via the com.vmware.vcenter.namespace_management.supervisors.identity.Providers service. If unset, vCenter Single Sign-On will be used as the identity provider. When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider.
Authentication
This operation uses the following authentication methods.
Errors
Errors
400
com.vmware.vapi.std.errors.already_exists : if the specified principal on given domain is already associated with a role on the namespace. | com.vmware.vapi.std.errors.not_allowed_in_current_state : if the namespace is marked for deletion or the associated cluster is being disabled. | com.vmware.vapi.std.errors.invalid_argument : if spec contains any errors or if an invalid type is specified.
403
com.vmware.vapi.std.errors.unauthorized : if the user does not have Namespaces.Configure privilege or the namespace identifier begins with “vmware-system” prefix.
500
com.vmware.vapi.std.errors.error : if the system reports an error while responding to the request.
default
‘Default’ means this response is used for all HTTP codes that are not covered individually for this operation.
Code Samples
PowerCLI Client SDK Example
$NamespacesAccessCreateSpec = Initialize-NamespacesAccessCreateSpec -Role "OWNER"
Invoke-CreateNamespaceDomainSubjectAccess -Namespace "MyNamespace" -Domain "MyDomain" -Subject "MySubject" -Type "USER" -NamespacesAccessCreateSpec $NamespacesAccessCreateSpec
PowerCLI Client SDK All Parameters Example
$NamespacesAccessCreateSpec = Initialize-NamespacesAccessCreateSpec -Role "OWNER" -IdentityProvider "MyIdentityProvider"
Invoke-CreateNamespaceDomainSubjectAccess -Namespace "MyNamespace" -Domain "MyDomain" -Subject "MySubject" -Type "USER" -NamespacesAccessCreateSpec $NamespacesAccessCreateSpec
cURL Command
curl -X POST -H "vmware-api-session-id: b00db39f948d13ea1e59b4d6fce56389" -H "Content-Type: application/json" -d '{"identity_provider":"string","role":"OWNER"}' https://{api_host}/api/vcenter/namespaces/instances/{namespace}/access/{domain}/{subject}?type=string
Vendor Extensions
This operation contains the following vendor extensions defined in the spec:
x-vmw-doc-operation: create
Availability
Added in 7.0.0.0
