An organization administrator can create user accounts that are local to the organization. Local user accounts are stored in the VMware Cloud Director database.

Every user exists within the context of an organization. An organization administrator can create a local user in an organization by POSTing a User element to the organization’s add URL for users, as shown in Create a Local User.

When you create a user, you must include the Role and Password elements in the request body. The role can be a predefined role or one created by the organization administrator. For more information about retrieving a list of predefined roles, see Retrieve an Administrative View of a Cloud. For more information about creating new roles, see Create a Role in Your Organization.

Note: Starting with API version 38.0, the POST /admin/org/{id}/users operation is deprecated.

Prerequisites

This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights. Verify that you are logged in to the vCloud Air Compute Service as an Account Administrator.

Procedure

  1. Retrieve the list of roles in your organization.
    See the RoleReferences element of your organization. This element contains a reference to the local instance of each predefined role. It also contains references to roles created in the organization.
    GET https://vcloud.example.com/api/admin/org/26
    ...
    <AdminOrg ... >
       ...
       <RoleReferences>
          <RoleReference
             href="https://vcloud.example.com/api/admin/org/26/role/29971497-38da-3974-98d6-e39bbd5b482f"
             name="Defer to Identity Provider"
             type="application/vnd.vmware.admin.role+xml" />
          <RoleReference
             href="https://vcloud.example.com/api/admin/org/26/role/2e4ad538-67f5-4d4d-ad51-2dcd512a30f6"
             name="Console Access Only"
             type="application/vnd.vmware.admin.role+xml" />
          ...
          <RoleReference
             href="https://vcloud.example.com/api/admin/org/26/role/13a69c14-e64c-409f-800f-0ecc470ea42d"
             name="vApp Author"
             type="application/vnd.vmware.admin.role+xml" />
       </RoleReferences>
    </AdminOrg>
  2. Create a User element that defines the user account properties.
    Include the Role and Password elements in the request body. See the request portion of Create a Local User.
  3. POST the User element to the organization's add URL for users.

Results

The server creates a user account in the VMware Cloud Director database and returns an updated User element to the client.

Example: Create a Local User

This example adds the user to the organization created in Create an Organization. The user is given the predefined role vApp Author, using the role href retrieved in Step 1. The request includes an optional IsEnabled element that enables the user. If not present in the request, IsEnabled defaults to false.

The response is a User element, most of which does not appear in this example. The response includes a link that an administrator can use to edit user properties, and additional elements, such as IsDefaultCached and StoredVmQuota, whose values are inherited from the organization.

  • The Password element, which must not be empty when you create a local User, is never returned.
  • The ProviderType, which defines the identity provider for this user, was not specified in the request, and defaults to INTEGRATED. Local users are managed by the integrated identity provider. See About Identity Providers.

Request:
POST https://vcloud.example.com/api/admin/org/26/users
Content-Type: application/vnd.vmware.admin.user+xml
...
<?xml version="1.0" encoding="UTF-8"?>
<User
   xmlns="http://www.vmware.com/vcloud/v1.5"
   name="ExampleUser" >
   <FullName>Example User Full Name</FullName>
   <EmailAddress>[email protected]</EmailAddress>
   <IsEnabled>true</IsEnabled>
   <Role
      href="https://vcloud.example.com/api/admin/org/26/role/13a69c14-e64c-409f-800f-0ecc470ea42d" />
   <Password>Pa55w0rd</Password>
   <GroupReferences />
</User>

Response:
201 Created
Content-Type: application/vnd.vmware.admin.user+xml
...
<User
   xmlns="http://www.vmware.com/vcloud/v1.5"
   name="ExampleUser"
   id="urn:vcloud:user:85"
   type="application/vnd.vmware.admin.user+xml"
   href="https://vcloud.example.com/api/admin/user/85" ... >
   <Link
      rel="edit"
      type="application/vnd.vmware.admin.user+xml"
      href="https://vcloud.example.com/api/admin/user/85" />
   <FullName>Example User Full Name</FullName>
   <EmailAddress>[email protected]</EmailAddress>
   <IsEnabled>true</IsEnabled>
   <ProviderType>INTEGRATED</ProviderType>
   <IsAlertEnabled>false</IsAlertEnabled>
   <IsDefaultCached>false</IsDefaultCached>
   <IsGroupRole>false</IsGroupRole>
   <StoredVmQuota>0</StoredVmQuota>
   <DeployedVmQuota>0</DeployedVmQuota>
   <Role
      type="application/vnd.vmware.admin.role+xml"
      name="vApp Author"
      href="https://vcloud.example.com/api/admin/org/26/role/13a69c14-e64c-409f-800f-0ecc470ea42d" />
   <GroupReferences />
</User>
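
The procedure above, as an added Python example that is not part of the VMware documentation: it resolves the role href by exact name from the Step 1 response, builds the User body with an XML library so that every value is escaped, and checks that a response carries no Password element. The function names, the trimmed sample XML and the user@example.com address are assumptions constructed for illustration; sending the request is left to the caller.

```python
import secrets
import xml.etree.ElementTree as ET

NS = "http://www.vmware.com/vcloud/v1.5"
ET.register_namespace("", NS)  # serialize with a default namespace, as on the page

# Constructed sample: the Step 1 AdminOrg response, trimmed to two roles.
ADMIN_ORG_XML = f"""<AdminOrg xmlns="{NS}"><RoleReferences>
  <RoleReference name="Console Access Only"
    href="https://vcloud.example.com/api/admin/org/26/role/2e4ad538-67f5-4d4d-ad51-2dcd512a30f6" />
  <RoleReference name="vApp Author"
    href="https://vcloud.example.com/api/admin/org/26/role/13a69c14-e64c-409f-800f-0ecc470ea42d" />
</RoleReferences></AdminOrg>"""

def role_href(admin_org_xml, role_name, org_url):
    """Return the href of the single role with this name, scoped to org_url."""
    hrefs = [r.get("href") for r in ET.fromstring(admin_org_xml).iter(f"{{{NS}}}RoleReference")
             if r.get("name") == role_name]
    if len(hrefs) != 1:
        raise LookupError(f"expected one role named {role_name!r}, found {len(hrefs)}")
    if not hrefs[0].startswith(org_url + "/role/"):
        raise ValueError("role href is outside the target organization")
    return hrefs[0]

def build_user(name, full_name, email, href, password, enabled=False):
    """Build the User request body; ElementTree escapes every value."""
    if not password:
        raise ValueError("Password must not be empty for a local user")
    user = ET.Element(f"{{{NS}}}User", {"name": name})
    for tag, text in (("FullName", full_name), ("EmailAddress", email),
                      ("IsEnabled", "true" if enabled else "false")):
        ET.SubElement(user, f"{{{NS}}}{tag}").text = text
    ET.SubElement(user, f"{{{NS}}}Role", {"href": href})
    ET.SubElement(user, f"{{{NS}}}Password").text = password
    ET.SubElement(user, f"{{{NS}}}GroupReferences")
    return ET.tostring(user, encoding="unicode")

def response_leaks_password(response_xml):
    """True if a User response unexpectedly carries a Password element."""
    return ET.fromstring(response_xml).find(f"{{{NS}}}Password") is not None

if __name__ == "__main__":
    org = "https://vcloud.example.com/api/admin/org/26"  # from the page's example
    body = build_user("ExampleUser", "Example User Full Name", "user@example.com",
                      role_href(ADMIN_ORG_XML, "vApp Author", org),
                      secrets.token_urlsafe(24), enabled=True)  # random, not hard-coded
    print(len(body), "bytes ready to POST to", org + "/users")
```

The element order follows the request shown on this page, and IsEnabled is always written explicitly because the server default is false.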