Add or Remove Users from Groups

You can add or remove users from authorization groups.

To add a user to a group, you must retrieve the user's details. The user details can be retrieved by using the vRealize Orchestrator user search endpoint. After retrieving the user details, it is necessary to add one more property in the user details object named role. The value of the role property can be either administrator or member. Administrators have run and edit permissions while members only have run permissions.

To remove a user from a group, it is only necessary to remove that user from the authorized-entities array.

Procedure

  1. To retrieve a user's details, perform a GET request at https://{orchestrator_fqdn}/vco/api/server/acc/search?searchText=admin.
    You receive a response similar to the following sample:
    [
    {
        "domain": "System Domain",
        "name": "admin",
        "type": "user",
        "id": "u:13 System Domainadmin"
    },
    {
        "domain": "vro.local",
        "name": "administrator"
        "type": "user",
        "id": "u:21 vro.localadministrator",
    }
]
  2. Modify the retrieved JSON response by adding permissions to the users in the group.
    Note: For this scenario, the system domain administrator user will only have run permissions for the objects in the group, and the [email protected] user will have run and edit permissions.
  3. Perform a PUT request at https://{orchestrator_fqdn}/vco/api/authorization-groups/{group_id} that includes the new user permissions in the request body.
    You receive a response similar to the following sample:
    {
    "authorized-entities": [
        {
            "role": "member",
            "domain": "System Domain",
            "name": "admin",
            "type": "user",
            "id": "u:13 System Domainadmin"
        },
        {
            "role": "administrator",
            "domain": "vro.local",
            "name": "administrator",
            "type": "user",
            "id": "u:21 vro.localadministrator"
        }
    ],
    "id": "3",
    "label": "New Group Name",
    "name": "New Group Name",
    "protected-resources": [
        {
            "id": "a04533f7-6bc4-4e57-a6e6-cf9eeb52472e",
            "type": "PolicyTemplate"
        },
        {
            "id": "ae3e900d-ca77-48cc-b75f-909902752583",
            "type": "ResourceElement"
        },
        {
            "id": "bfbf3bad-532f-46f7-8956-d5ba58a6d3c5",
            "type": "Workflow"
        },
        {
            "id": "d482d814-ed33-46dd-b557-a46de433c427",
            "type": "ScriptModule"
        },
        {
            "id": "04468e3c-5d3b-4c19-bada-586284543de5",
            "type": "ConfigurationElement"
        }
    ]
}