Managing Roles and Permissions with AuthorizationManager
AuthorizationManager is the service interface for handling permissions and roles assigned to the users and groups you define with HostLocalAccountManager. AuthorizationManager methods allow you to create, modify, and manage roles and permissions, and to obtain information about the roles and permissions defined in the system. If a predefined role does not meet your needs, define a new one that contains only the minimum set of required privileges.
The AuthorizationManager also allows or prevents access to specific server objects based on the permissions associated with the object.
AuthorizationManager includes methods for managing roles and for managing permissions:
- Roles Management. AddAuthorizationRole, RemoveAuthorizationRole, and UpdateAuthorizationRole. See Using Roles to Consolidate Sets of Privileges and Modifying Sample Roles to Create New Roles.
- Permissions Management. MergePermissions, RemoveEntityPermission, ResetEntityPermissions, RetrieveAllPermissions, RetrieveEntityPermissions, RetrieveRolePermissions, and SetEntityPermissions. See Granting Privileges Through Permissions.
The following UML diagram shows these methods for AuthorizationManager and some of its associated data objects.
AuthorizationManager Managed Object

AuthorizationManager properties allow access to information. For example:
- The privilegeList property returns a list of all privileges defined on the system, as an array of AuthorizationPrivilege data objects. Privileges are defined by VMware, on the objects and properties contained in the system. These privileges are fixed and cannot be changed by client applications.
- The roleList property returns a list of all currently defined roles, including the system-defined roles, as an array of AuthorizationRole data objects.
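
The least-privilege guidance above can be checked against the data these two properties return. The following is an added example, not VMware sample code: it decides whether an existing role already matches a required privilege set exactly or whether a new role should be created, and produces the name and privilege IDs to pass to AddAuthorizationRole. The Role class, plan_role function, role IDs, and the sample privilegeList and roleList contents are constructed assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    """Hypothetical stand-in for the AuthorizationRole fields used below."""
    role_id: int
    name: str
    system: bool
    privilege: frozenset

SYS = frozenset({"System.Anonymous", "System.View", "System.Read"})
# Constructed sample standing in for the privilegeList property.
PRIVILEGE_LIST = SYS | {
    "VirtualMachine.Interact.PowerOn", "VirtualMachine.Interact.PowerOff",
    "VirtualMachine.Interact.Reset", "VirtualMachine.Config.AddNewDisk",
    "Datastore.AllocateSpace",
}
# Constructed sample standing in for the roleList property (IDs are made up).
ROLE_LIST = [
    Role(-1, "Admin", True, PRIVILEGE_LIST),
    Role(-2, "ReadOnly", True, SYS),
    Role(1001, "VMOperator", False, SYS | {
        "VirtualMachine.Interact.PowerOn", "VirtualMachine.Interact.PowerOff",
        "VirtualMachine.Interact.Reset", "VirtualMachine.Config.AddNewDisk"}),
]

def plan_role(required, privilege_list, role_list, new_name):
    """Reuse a role only if it grants exactly what is required; else plan a new one."""
    required = frozenset(required)
    unknown = required - privilege_list
    if unknown:
        # Privileges are fixed by the system; an unknown ID is a caller error.
        raise ValueError(f"not in privilegeList: {sorted(unknown)}")
    # Roles that cover the requirement, tightest (least excess) first.
    covering = sorted((r for r in role_list if required <= r.privilege),
                      key=lambda r: len(r.privilege - required))
    best = covering[0] if covering else None
    if best and best.privilege == required:
        return {"action": "reuse", "role": best.name, "excess": []}
    # No exact match: these are the arguments for AddAuthorizationRole.
    return {"action": "create", "name": new_name, "privIds": sorted(required),
            "closest_role": best.name if best else None,
            "excess": sorted(best.privilege - required) if best else []}

if __name__ == "__main__":
    need = {"VirtualMachine.Interact.PowerOn", "VirtualMachine.Interact.PowerOff"}
    print(plan_role(need, PRIVILEGE_LIST, ROLE_LIST, "VMPowerOnly"))
```

The excess list shows what the closest existing role would have granted beyond the requirement, which is the exposure avoided by creating the narrower role.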