esx authentication client profiles: access grant
The
access_grant structure contains information about access permissions.The structure includes resource type and the specific resource information - entitlement.
Representation:
{
"resource_type" : "ENTITLEMENT",
"entitlement" : "IDENTITY_MGMT"
}
"resource_type" : "ENTITLEMENT",
"entitlement" : "IDENTITY_MGMT"
}
Attributes:
| Name | Type | Description |
|---|---|---|
| Required | ||
| resource_type | string | Type of permission entity. Defines the types of esx.authentication.client_profiles.access_grant elements in a client profile. These are permission resource types. There is support for entitlements, but not for groups. Value is one of: ENTITLEMENT: Permission entitlements. These are coarse-grained permissions that are not associated with an object, i.e. they are system-wide. |
| Optional | ||
| entitlement | string | The entitlement in the access grant. Defines all permission entitlements supported on the ESX. These are coarse-grained permissions that are not associated with an object, i.e. they are system-wide. Value is one of:IDENTITY_MGMT: Allows modifying the identity configuration. For example: esx.authentication.client_profiles, esx.authentication.trust.security_token_issuers. SECURITY_MGMT: Allows modifying security configuration. For example: KMS, Attestation. READ_ONLY: Allows access to some read-only operations. Not all read-only operations are accessible with this entitlement. Check the specific operation documentation for the required authorization. OBSERVABILITY: Allows access to monitoring and statistical performance data. This constant was added in vSphere API 7.0.1.0.Optional. It is only relevant when resource_type has value ENTITLEMENT. This field is optional and it is only relevant when the value of resource_type is ENTITLEMENT. |