A service can create rights that apply to its operations. You can add these rights to existing roles or new roles.

In the VMware Cloud Director API, a right is simply a name that a service attaches to a privilege. When a service specifies an ACL rule for a resource class action, the rule can reference a right. A user who is assigned a role that includes the right is authorized to take the specified action.

Prerequisites

This operation is restricted to system administrators.

Procedure

  1. Retrieve the XML representation of the service.
    Use a request like this one:
    GET https://vcloud.example.com/api/admin/extension/service/45
  2. Examine the response to find the Link for adding or listing service-specific rights.
    This Link has the following form:
    <vcloud:Link
          rel="rights"
          type="application/vnd.vmware.admin.rights+xml"
          href="https://vcloud.example.com/api/admin/extension/service/45/rights" />
  3. Construct a Right element.
    For information about the contents of this element, see the request portion of Create a Service-Specific Right.
  4. POST the Right element to the URL described in Step 2.

Example: Create a Service-Specific Right

This request creates a right named DeleteBackup. The name attribute and Category element are required, and can have any string value. Include a BundleKey if any messages associated with the right appear in a localization bundle.

Request:
POST https://vcloud.example.com/api/admin/extension/service/45/rights
Content-Type: application/vnd.vmware.admin.right+xml
<?xml version="1.0" encoding="UTF-8"?>
<Right
   xmlns="http://www.vmware.com/vcloud/v1.5"
   name="DeleteBackup">
   <Description>Right to remove a backup object</Description>
   <Category>VcdBackup</Category>
   <BundleKey>BackupBundle</BundleKey>
</Right>

The response is a Right element that includes information derived from the contents you POSTed. The service namespace name is prepended to the name of the right.

Response:
201 Created
Content-Type: application/vnd.vmware.admin.right+xml
...
<Right
   xmlns="http://www.vmware.com/vcloud/v1.5"
   name="{org.example.vcd.backup}:DeleteBackup"
   id="urn:vcloud:right:99"
   type="application/vnd.vmware.admin.right+xml"
   href="https://vcloud.example.com/api/admin/right/99"
   ... >
   <Description>Right to remove a backup object</Description>
   <Category>VcdBackup</Category>
   <BundleKey>BackupBundle</BundleKey>
</Right>
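
Steps 2 through 4 of the procedure, as an added Python example that is not part of the VMware documentation: it finds the rel="rights" Link in a service representation, rejects an href that is not HTTPS on the expected API host so that a system administrator session is not sent elsewhere, and builds the Right body with an XML library so that every value is escaped. The sample service XML, the function names and the host check are assumptions of this example; sending the prepared request with an authenticated session is left to the caller.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

VCLOUD_NS = "http://www.vmware.com/vcloud/v1.5"
RIGHTS_TYPE = "application/vnd.vmware.admin.rights+xml"  # type of the Link in Step 2
RIGHT_TYPE = "application/vnd.vmware.admin.right+xml"    # Content-Type of the POST

# Constructed sample of a Step 1 response; only the rights Link matters here.
SAMPLE_SERVICE_XML = """<vmext:Service xmlns:vmext="http://www.vmware.com/vcloud/extension/v1.5"
    xmlns:vcloud="http://www.vmware.com/vcloud/v1.5" name="backup-service">
  <vcloud:Link rel="rights" type="application/vnd.vmware.admin.rights+xml"
      href="https://vcloud.example.com/api/admin/extension/service/45/rights" />
</vmext:Service>"""

def find_rights_url(service_xml, api_host):
    """Step 2: return the href of the rel="rights" Link, refusing other hosts."""
    root = ET.fromstring(service_xml)
    for link in root.iter("{%s}Link" % VCLOUD_NS):
        if link.get("rel") == "rights" and link.get("type") == RIGHTS_TYPE:
            url = urlsplit(link.get("href", ""))
            if url.scheme != "https" or url.hostname != api_host:
                raise ValueError("rights Link points outside the API host")
            return url.geturl()
    raise LookupError("service has no rel='rights' Link")

def build_right(name, category, description=None, bundle_key=None):
    """Step 3: serialize a Right element; name and Category are required."""
    if not name or not category:
        raise ValueError("name and Category are required")
    ET.register_namespace("", VCLOUD_NS)  # emit xmlns="..." without a prefix
    right = ET.Element("{%s}Right" % VCLOUD_NS, {"name": name})
    fields = (("Description", description), ("Category", category), ("BundleKey", bundle_key))
    for tag, text in fields:
        if text is not None:
            ET.SubElement(right, "{%s}%s" % (VCLOUD_NS, tag)).text = text
    return ET.tostring(right, encoding="UTF-8", xml_declaration=True)

def prepare_post(service_xml, api_host, **right_fields):
    """Step 4: describe the POST; the caller sends it with its own session."""
    return {"method": "POST", "url": find_rights_url(service_xml, api_host),
            "headers": {"Content-Type": RIGHT_TYPE}, "body": build_right(**right_fields)}

if __name__ == "__main__":
    req = prepare_post(SAMPLE_SERVICE_XML, "vcloud.example.com", name="DeleteBackup",
                       category="VcdBackup", bundle_key="BackupBundle",
                       description="Right to remove a backup object")
    print(req["method"], req["url"])
    print(req["body"].decode())
```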