Verify User Roles

To use the API, a vRealize Automation user must be an organization member with at least a user service role. You use the access token to verify user roles.

Prerequisites

Verify that you have an access token. See Get Your Access Token for the vRealize Automation API.

Procedure

  1. Assign values to the variables for the hostname of your vRealize Automation instance, your user name, and your password. 
    identity_service_url='http://<vRA-HOSTNAME>'
username='<your_username>'
password='<your_password>'
  2. Get your organization ID. 
    curl -X GET \
  "$identity_service_url/csp/gateway/am/api/loggedin/user/orgs" \
  -H "csp-auth-token: $access_token"
  3. Examine the response and assign the organization ID variable. 
    org_id='<your_org_id>'
  4. Get your organization role. 
    curl -X GET \
   $identity_service_url/csp/gateway/am/api/loggedin/user/orgs/$org_id/roles \
   -H "csp-auth-token: $access_token" | jq "."

    The name field displays the organization role and must be either org_owner or org_member.

  5. Get your service role. 
    curl -X GET \
   $identity_service_url/csp/gateway/am/api/loggedin/user/orgs/$org_id/service-roles \
   -H "csp-auth-token: $access_token" | jq "."

    The serviceRolesNames field displays the service role for each service and must be at least user.

Example: Verify User Roles

Using the access token previously obtained and assigned, verify user roles. See Get Your Access Token for the vRealize Automation API.

Assign variables. 
identity_service_url='https://vra-hostname.company.com'
username='[email protected]'
password='example_password'
Get your organization ID. 
curl -X GET \
  "$identity_service_url/csp/gateway/am/api/loggedin/user/orgs" \
  -H "csp-auth-token: $access_token"
The response shows the organization ID.
{
  "refLinks": [
    "/csp/gateway/am/api/orgs/7f8c518a-65f5-494b-b714-f7e349957a30"
  ],
  "items": [
    {
      "name": "DEFAULT-ORG",
      "displayName": "DEFAULT-ORG",
      "refLink": "/csp/gateway/am/api/orgs/7f8c518a-65f5-494b-b714-f7e349957a30",
      "id": "7f8c518a-65f5-494b-b714-f7e349957a30",
      "metadata": null,
      "parentRefLink": null
    }
  ]
}
Assign the organization ID variable.
org_id='7f8c518a-65f5-494b-b714-f7e349957a30'
Verify the organization role.
curl -X GET \
   $identity_service_url/csp/gateway/am/api/loggedin/user/orgs/$org_id/roles \
   -H "csp-auth-token: $access_token" | jq "."
The response shows that the organization role is org_owner.
{
    "refLink": "/csp/gateway/am/api/orgs/7f8c518a-65f5-494b-b714-f7e349957a30/roles/52a6a411-2339-4bc3-91bc-62418977df11",
    "name": "org_owner",
    "displayName": "Organization Owner",
    "organizationLink": "/csp/gateway/am/api/orgs/7f8c518a-65f5-494b-b714-f7e349957a30"
  }
Verify the service role.
curl -X GET \
   $identity_service_url/csp/gateway/am/api/loggedin/user/orgs/$org_id/service-roles \
   -H "csp-auth-token: $access_token" | jq "."
A snippet of the response shows the Service Role Names for the cloud assembly service. cloud_admin satisfies the minimum service role. 
...
 {
      "serviceDefinitionLink": "/csp/gateway/slc/api/definitions/external/<service_id>",
      "serviceRoleNames": [
        "automationservice:cloud_admin"
      ]
    }
...