Edit Organization Rights

An organization is initially granted a set of rights that is the union of all rights contained in the predefined roles. A system administrator can grant additional rights to an organization or remove rights previously granted.

When you create an organization, you can include an explicit set of RightReferences in the AdminOrg request body if you want the organization to include a set of rights that differs from the set it would otherwise receive on creation. If you do this, the predefined roles are created in the organization with a set of rights that is the intersection of the rights in the predefined role and the rights you granted to the organization.

You can also edit the rights available in an existing organization, as shown in Example: Grant Additional Rights to an Organization. When you edit the rights in an organization, you replace the existing set of rights with a new set of rights. The replacement set of rights typically combines the rights that currently exist in the organization with additional rights available from the system.

Prerequisites

This operation is restricted to system administrators.

Procedure

1	Retrieve the set of rights available in the system. Use a request like this one: GET https://vcloud.example.com/api/admin The RightReferences element returned by this request includes a RightReference for each right that you can grant to an organization.
2	Retrieve the set of rights that exist in the organization. Use a request like this one: GET https://vcloud.example.com/api/admin/org/`id`/rights The OrgRights element returned by this request includes a RightReference for each right that exists in the organization.
3	Create an OrgRights request body that includes the rights returned by the request you made in Step 2 and the additional rights (a subset of the rights returned by request you made in Step 1) that you want to grant to the organization. See Example: Grant Additional Rights to an Organization.
4	PUT the modified OrgRights request body to the organization's edit link for rights.

Example: Grant Additional Rights to an Organization

This request adds several unassigned rights (rights that are not part of any predefined role) to the set of rights that exist in an organization. The request replaces the rights in the organization with the set of rights in the request body, so you must include existing rights as well as new ones. Any rights not present in the request body are removed from the organization, and from all organization roles that include them.

Request:

PUT https://vcloud.example.com/api/admin/org/26/rights
Content-type: application/vnd.vmware.admin.org.rights+xml
...
<?xml version="1.0" encoding="UTF-8"?>
<OrgRights xmlns="http://www.vmware.com/vcloud/v1.5"> 
   <!-- include the existing rights -->
   <RightReference
      href="https://vcloud.example.com/api/admin/right/5ddb661d-caf0-3680-9a74-59d4b06137f3"
      name="Disk: Change Owner"
      type="application/vnd.vmware.admin.right+xml" />
   <RightReference
      href="https://vcloud.example.com/api/admin/right/b080bb50-cff1-3258-9683-842d34255a95"
      name="Organization vDC Gateway: Configure Services"
      type="application/vnd.vmware.admin.right+xml" />
   ...

   <!-- then add the new rights -->
   <RightReference
      href="https://vcloud.example.com/api/admin/right/79f48ce4-975d-3b88-ad19-a25ce58b9e91"
      name="vApp: Allow All Extra Config"
      type="application/vnd.vmware.admin.right+xml" />
   <RightReference
      href="https://vcloud.example.com/api/admin/right/896288a1-6dc9-39d1-b2e8-89332a93f97d"
      name="vApp: Allow Ethernet Coalescing Extra Config"
      type="application/vnd.vmware.admin.right+xml" />
   <RightReference
      href="https://vcloud.example.com/api/admin/right/a98dd24b-8fd0-3fac-b548-611a467a53df"
      name="vApp: Allow Latency Extra Config"
      type="application/vnd.vmware.admin.right+xml" />
   <RightReference
      href="https://vcloud.example.com/api/admin/right/a96bebdd-ee34-3d62-9014-5283a88bad34"
      name="vApp: Allow Matching Extra Config"
      type="application/vnd.vmware.admin.right+xml" />
</OrgRights>

The response (only a portion of which is shown here) includes the new set of OrgRights. It also includes a link you can use to edit this list of rights.

Response:

<?xml version="1.0" encoding="UTF-8"?>
<OrgRights
   xmlns="http://www.vmware.com/vcloud/v1.5"
   href="https://vcloud.example.com/api/admin/org/798e24f6-b0bd-4b93-8e2e-c3c65c907f43/rights">
   <Link
      rel="edit"
      href="https://vcloud.example.com/api/admin/org/798e24f6-b0bd-4b93-8e2e-c3c65c907f43/rights"
      type="application/vnd.vmware.admin.org.rights+xml" />
   <RightReference
      href="https://vcloud.example.com/api/admin/right/5ddb661d-caf0-3680-9a74-59d4b06137f3"
      name="Disk: Change Owner"
      type="application/vnd.vmware.admin.right+xml" />
   <RightReference
      href="https://vcloud.example.com/api/admin/right/b080bb50-cff1-3258-9683-842d34255a95"
      name="Organization vDC Gateway: Configure Services"
      type="application/vnd.vmware.admin.right+xml" />
   ...
   <RightReference
      href="https://vcloud.example.com/api/admin/right/79f48ce4-975d-3b88-ad19-a25ce58b9e91"
      name="vApp: Allow All Extra Config"
      type="application/vnd.vmware.admin.right+xml" />
   <RightReference
      href="https://vcloud.example.com/api/admin/right/896288a1-6dc9-39d1-b2e8-89332a93f97d"
      name="vApp: Allow Ethernet Coalescing Extra Config"
      type="application/vnd.vmware.admin.right+xml" />
   <RightReference
      href="https://vcloud.example.com/api/admin/right/a98dd24b-8fd0-3fac-b548-611a467a53df"
      name="vApp: Allow Latency Extra Config"
      type="application/vnd.vmware.admin.right+xml" />
   <RightReference
      href="https://vcloud.example.com/api/admin/right/a96bebdd-ee34-3d62-9014-5283a88bad34"
      name="vApp: Allow Matching Extra Config"
      type="application/vnd.vmware.admin.right+xml" />
</OrgRights>