Fault - InsufficientPermission

Class
VMware.Hv.InsufficientPermission
Parent Class
SecurityError
See also
AccessGroupId, EntityId
Since
Horizon View 6.0

Fault Description

An InsufficientPermission exception is thrown if the calling user does not have a valid permission on a certain resource involved in the method. That resource may be stored within a permitted access group hierarchy.

Data Object Properties

Properties

Name Type Description
resourceEntityId

The id, if any, of the resource that the user has insufficient permissions for.
  • This property need not be set.
privilegesxsd:string[]

The insufficent privileges.
  • This property will be one of:
    Value Description
    "ADMINISTRATOR"ADMINISTRATOR Privilege
    • Name: Full
    • Type: All
    • Description: Full administrator privilege, including Multi-Datacenter View configuration.
    • Selectable: no
    "ADMINISTRATOR_VIEW"ADMINISTRATOR_VIEW Privilege
    • Name: Full (Read only)
    • Type: All
    • Description: Full read only administrator privilege, including Multi-Datacenter View configuration.
    • Selectable: no
    "VC_CONFIG_VIEW"VC_CONFIG_VIEW Privilege
    • Name: Manage vCenter Configuration (Read Only)
    • Type: All
    • Description: Read only access to vCenter Configuration.
    • Selectable: no
    "LOCAL_ADMINISTRATOR"LOCAL_ADMINISTRATOR Privilege
    • Name: Full Local
    • Type: All
    • Description: Full administrator privilege, except to Multi-Datacenter View configuration and to manage roles and privileges.
    • Selectable: no
    "LOCAL_ADMINISTRATOR_VIEW"LOCAL_ADMINISTRATOR_VIEW Privilege
    • Name: Full Local (Read only)
    • Type: All
    • Description: Full read only administrator privilege, except to Multi-Datacenter View configuration.
    • Selectable: no
    "INVENTORY_ADMINISTRATOR"INVENTORY_ADMINISTRATOR Privilege
    • Name: Manage Inventory
    • Type: All
    • Description: Access to all inventory objects.
    • Selectable: no
    "INVENTORY_ADMINISTRATOR_VIEW"INVENTORY_ADMINISTRATOR_VIEW Privilege
    • Name: Manage Inventory (Read only)
    • Type: All
    • Description: Read only access to all inventory objects.
    • Selectable: no
    "HELPDESK_ADMINISTRATOR"HELPDESK_ADMINISTRATOR Privilege
    • Name: Manage Help Desk
    • Type: All
    • Description: Access to Help Desk portal.
    • Selectable: no
    "HELPDESK_ADMINISTRATOR_VIEW"HELPDESK_ADMINISTRATOR_VIEW Privilege
    • Name: Manage Help Desk (Read only)
    • Type: All
    • Description: Read only access to Help Desk portal.
    • Selectable: yes
    "FEDERATED_LDAP_MANAGE"FEDERATED_LDAP_MANAGE Privilege
    • Name: Manage Global LDAP
    • Type: All
    • Description: Manage global (Multi-Datacenter View) LDAP.
    • Selectable: no
    "FEDERATED_LDAP_VIEW"FEDERATED_LDAP_VIEW Privilege
    • Name: Manage Global LDAP (Read only)
    • Type: All
    • Description: Read only access to global (Multi-Datacenter View) LDAP.
    • Selectable: no
    "FEDERATED_SESSIONS_MANAGE"FEDERATED_SESSIONS_MANAGE Privilege
    • Name: Manage Federated Sessions
    • Type: All
    • Description: Manage federated (local and non-local) sessions.
    • Selectable: yes
    "FEDERATED_SESSIONS_VIEW"FEDERATED_SESSIONS_VIEW Privilege
    • Name: Manage Federated Sessions (Read only)
    • Type: All
    • Description: Read only access to federated (local and non-local) sessions.
    • Selectable: no
    "GLOBAL_ADMINISTRATOR"GLOBAL_ADMINISTRATOR Privilege
    • Name: Manage Global Configuration
    • Type: All
    • Description: Manage global (non-inventory) configuration settings, including global (Multi-Datacenter View) LDAP.
    • Selectable: no
    "GLOBAL_ADMINISTRATOR_VIEW"GLOBAL_ADMINISTRATOR_VIEW Privilege
    • Name: Manage Global Configuration (Read only)
    • Type: All
    • Description: Read only access to global (non-inventory) configuration settings, including global (Multi-Datacenter View) LDAP.
    • Selectable: no
    "GLOBAL_ADMIN_UI_INTERACTIVE"GLOBAL_ADMIN_UI_INTERACTIVE Privilege
    • Name: Console Interaction
    • Type: Global
    • Description: Can log into View Administrator.
    • Selectable: yes
    "GLOBAL_ADMIN_SDK_INTERACTIVE"GLOBAL_ADMIN_SDK_INTERACTIVE Privilege
    • Name: Direct Interaction
    • Type: Global
    • Description: Can run all command line utilities and PowerShell commands.
    • Selectable: yes
    "GLOBAL_MACHINE_REGISTER"GLOBAL_MACHINE_REGISTER Privilege
    • Name: Register Agent
    • Type: Global
    • Description: Register non-vCenter machine sources such as Windows Terminal Servers and physical PCs.
    • Selectable: yes
    "GLOBAL_ROLE_PERMISSION_MANAGEMENT"GLOBAL_ROLE_PERMISSION_MANAGEMENT Privilege
    • Name: Manage Roles and Permissions
    • Type: Global
    • Description: Add, modify, and delete administrator roles and permissions.
    • Selectable: yes
    "GLOBAL_ROLE_MANAGEMENT"GLOBAL_ROLE_MANAGEMENT Privilege
    • Name: Manage Roles
    • Type: Global
    • Description: Add, modify, and delete administrator roles.
    • Selectable: no
    "GLOBAL_ROLE_VIEW"GLOBAL_ROLE_VIEW Privilege
    • Name: Manage Roles (Read only)
    • Type: Global
    • Description: Read only access to administrator roles.
    • Selectable: no
    "GLOBAL_PERMISSION_VIEW"GLOBAL_PERMISSION_VIEW Privilege
    • Name: Manage Permissions (Read only)
    • Type: Global
    • Description: Read only access to administrator permissions.
    • Selectable: no
    "GLOBAL_PERMISSION_MANAGEMENT"GLOBAL_PERMISSION_MANAGEMENT Privilege
    • Name: Manage Permissions
    • Type: Global
    • Description: Add, modify, and delete administrator permissions.
    • Selectable: no
    "GLOBAL_CONFIG_VIEW"GLOBAL_CONFIG_VIEW Privilege
    • Name: Manage Global Configuration and Policies (Read only)
    • Type: Global
    • Description: Read only access to global (non-inventory) policy, configuration, and RDS server settings, except administrator roles and permissions and global (Multi-Datacenter View) LDAP.
    • Selectable: no
    "GLOBAL_CONFIG_MANAGEMENT"GLOBAL_CONFIG_MANAGEMENT Privilege
    • Name: Manage Global Configuration and Policies
    • Type: Global
    • Description: View and change global (non-inventory) policy, configuration, and RDS server settings, except for administrator roles and permissions.
    • Selectable: yes
    "THINAPP_VIEW"THINAPP_VIEW Privilege
    • Name: Manage ThinApp (Read only)
    • Type: Global
    • Description: Read only access to ThinApps.
    • Selectable: no
    "THINAPP_MANAGEMENT"THINAPP_MANAGEMENT Privilege
    • Name: Manage ThinApp
    • Type: Global
    • Description: Add, modify, and delete ThinApps, perform all ThinApp related commands.
    • Selectable: yes
    • Includes: THINAPP_ENTITLE
    "THINAPP_ENTITLE"THINAPP_ENTITLE Privilege
    • Name: Entitle ThinApp
    • Type: Global
    • Description: Add and remove ThinApp assignments.
    • Selectable: yes
    "FOLDER_MANAGEMENT"FOLDER_MANAGEMENT Privilege
    • Name: Manage Access Groups
    • Type: Global
    • Description: Add, modify, and delete access groups.
    • Selectable: no
    "FOLDER_VIEW"FOLDER_VIEW Privilege
    • Name: Manage Access Groups (Read only)
    • Type: Access group
    • Description: Read only access to access groups.
    • Selectable: no
    "POOL_VIEW"POOL_VIEW Privilege
    • Name: Manage Desktops, Farms, and Applications (Read only)
    • Type: Inventory - desktop
    • Description: Read only access to desktops, farms, applications, their local sessions, and their machines.
    • Selectable: no
    "POOL_MANAGEMENT"POOL_MANAGEMENT Privilege
    • Name: Manage Desktops, Farms, and Applications
    • Type: Inventory - desktop
    • Description: Add, modify, and delete desktops, applications and farms. Add and remove machines from desktops.
    • Selectable: yes
    • Includes: POOL_ENABLE, POOL_ENTITLE, POOL_SVI_IMAGE_MANAGEMENT
    "POOL_ENABLE"POOL_ENABLE Privilege
    • Name: Enable Desktops, Farms, and Applications
    • Type: Inventory - desktop
    • Description: Enable and disable desktops, farms, and applications.
    • Selectable: yes
    "POOL_ENTITLE"POOL_ENTITLE Privilege
    • Name: Entitle Desktops and Applications
    • Type: Inventory - desktop
    • Description: Add and remove desktop and application entitlements.
    • Selectable: yes
    "POOL_SVI_IMAGE_MANAGEMENT"POOL_SVI_IMAGE_MANAGEMENT Privilege
    • Name: Manage Composer Desktop Images
    • Type: Inventory - desktop
    • Description: Recompose, refresh, rebalance, and change default image for a desktop.
    • Selectable: yes
    "MACHINE_VIEW"MACHINE_VIEW Privilege
    • Name: Manage Machines (read only)
    • Type: Inventory - machine
    • Description: Read only access to machines and their local sessions.
    • Selectable: no
    "MACHINE_MANAGEMENT"MACHINE_MANAGEMENT Privilege
    • Name: Manage Machines
    • Type: Inventory - machine
    • Description: Perform all machine and session-related commands.
    • Selectable: yes
    • Includes: MACHINE_REBOOT, MACHINE_MANAGE_VDI_SESSION, MACHINE_MANAGE_OFFLINE_SESSION
    "MACHINE_REBOOT"MACHINE_REBOOT Privilege
    • Name: Manage Reboot Operation
    • Type: Inventory - machine
    • Description: Reset local machines.
    • Selectable: yes
    "MACHINE_MANAGE_VDI_SESSION"MACHINE_MANAGE_VDI_SESSION Privilege
    • Name: Manage Local Sessions
    • Type: Inventory - machine
    • Description: Disconnect, logoff, and send messages to local sessions.
    • Selectable: yes
    "MACHINE_MANAGE_OFFLINE_SESSION"MACHINE_MANAGE_OFFLINE_SESSION Privilege
    • Name: Manage Offline Sessions
    • Type: Inventory - machine
    • Description: Roll back offline sessions and initiate replications.
    • Selectable: yes
    "MANAGE_REMOTE_PROCESS"MANAGE_REMOTE_PROCESS Privilege
    • Name: Manage Remote Processes and Applications
    • Type: Inventory - machine
    • Description: Manage Remote Processes and Applications.
    • Selectable: yes
    "REMOTE_ASSISTANCE"REMOTE_ASSISTANCE Privilege
    • Name: Remote Assistance
    • Type: Inventory - machine
    • Description: Remote Assistance to Remote desktop.
    • Selectable: yes
    "UDD_VIEW"UDD_VIEW Privilege
    • Name: Manage Persistent Disks (Read only)
    • Type: Inventory - persistent disk
    • Description: Read only access to persistent disks.
    • Selectable: no
    "UDD_MANAGEMENT"UDD_MANAGEMENT Privilege
    • Name: Manage Persistent Disks
    • Type: Inventory - persistent disk
    • Description: Manage persistent disks.
    • Selectable: yes
accessGroupAccessGroupId

If the resource is located in an access group, the id of that access group.
  • This property need not be set.
Properties inherited from SecurityError
None
Properties inherited from RuntimeFault
None
Properties inherited from MethodFault
None