Administrator Credentials and Privileges
An administrator's privileges are scoped by the organization to which the administrator authenticates.
The vCloud API defines two levels of administrative privilege:
- Organization administrators, who have administrative privileges in a specific organization.
- System administrators, who have superuser privileges throughout the system. System administrators are members of the System organization, and can create, read, update, and delete all objects in a cloud. They have organization administrator rights in all organizations in a cloud, and can operate directly on vSphere resources to create and modify provider VDCs, external networks, network pools, and similar system-level objects.
Some administrative operations, and all vSphere platform operations, are restricted to the system administrator. Before you attempt these operations, log in to the System organization with the user name and password of the system administrator account that was created when vCloud Director was installed, or the user name and password of any member of the System organization. For example, a system administrator whose user name was defined as administrator would log in as administrator@System.
The System Organization
The System organization is created automatically when vCloud Director is installed. Unlike the organizations represented by Org and AdminOrg objects, the System organization cannot contain catalogs, VDCs, groups, or users who are not system administrators.
The System organization is initially configured with one member, a local user defined as part of the vCloud Director setup process. Like all organizations, the System organization is created with implicit support for the vCloud Director integrated identity provider. A system administrator can reconfigure the System organization to use any of the other identity providers supported by vCloud Director.
When a system administrator logs in to the vCloud API, the OrgList in the returned Session element contains a link to the System organization.
<OrgList ... >
   ...
   <Org type="application/vnd.vmware.admin.systemOrganization+xml" name="System" href="https://vcloud.example.com/api/admin/org/123"/>
   ...
</OrgList>
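Because the System organization link appears only in a system administrator's session, it can be used to check which automation or service accounts actually hold superuser scope. The following Python sketch is an added example, not part of the vCloud API documentation. The function names, the namespace URI, the Session attributes, and the sample responses are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Media type the page shows on the System organization link.
SYSTEM_ORG_TYPE = "application/vnd.vmware.admin.systemOrganization+xml"

# Constructed sample responses, not captured from a server. The Org attributes
# follow the fragment on this page; the namespace URI, the Session attributes
# and the "Engineering" organization are assumptions.
SYSADMIN_SESSION = """<Session xmlns="http://www.vmware.com/vcloud/v1.5"
    user="administrator" org="System"><OrgList>
  <Org type="application/vnd.vmware.admin.systemOrganization+xml"
       name="System" href="https://vcloud.example.com/api/admin/org/123"/>
</OrgList></Session>"""
ORGADMIN_SESSION = """<Session xmlns="http://www.vmware.com/vcloud/v1.5"
    user="backup-svc" org="Engineering"><OrgList>
  <Org type="application/vnd.vmware.vcloud.org+xml"
       name="Engineering" href="https://vcloud.example.com/api/org/456"/>
</OrgList></Session>"""


def session_scope(session_xml):
    """Summarize the privilege scope a Session response reveals."""
    root = ET.fromstring(session_xml)
    # Compare local names so the check does not depend on the namespace URI.
    orgs = [el for el in root.iter()
            if isinstance(el.tag, str) and el.tag.rsplit("}", 1)[-1] == "Org"]
    system = [o.get("href") for o in orgs if o.get("type") == SYSTEM_ORG_TYPE]
    return {
        "user": root.get("user"),
        "org": root.get("org"),
        "system_admin": bool(system),
        "system_org_href": system[0] if system else None,
    }


def unexpected_system_admins(sessions, approved):
    """Return users whose session links to the System org but are not approved."""
    flagged = []
    for xml_text in sessions:
        scope = session_scope(xml_text)
        if scope["system_admin"] and scope["user"] not in approved:
            flagged.append(scope["user"])
    return flagged


if __name__ == "__main__":
    print(session_scope(SYSADMIN_SESSION))
    print(unexpected_system_admins([SYSADMIN_SESSION, ORGADMIN_SESSION], set()))
```

The check matches on the link's media type, not on the organization name, since the type is what the page shows as distinguishing the System organization from Org and AdminOrg objects.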