Managing Roles and Permissions with AuthorizationManager

AuthorizationManager is the service interface for handling permissions and roles assigned to the users and groups you define with HostLocalAccountManager. AuthorizationManager methods allow you to create, modify, and manage roles and permissions, and to obtain information about the roles and permissions defined in the system. If a predefined role does not meet your needs, define a new one that contains only the minimum set of required privileges.

The AuthorizationManager also allows access and prevents access to specific server objects based on the permissions associated with the object.

AuthorizationManager includes methods for managing roles and for managing permissions:

Roles Management. AddAuthorizationRole, RemoveAuthorizationRole, and UpdateAuthorizationRole. See Using Roles to Consolidate Sets of Privileges and Modifying Sample Roles to Create New Roles.
Permissions Management. MergePermissions, RemoveEntityPermission, ResetEntityPermissions, RetrieveAllPermissions, RetrieveEntityPermissions, RetrieveRolePermissions, and SetEntityPermissions. See Granting Privileges Through Permissions.

The following diagram shows these methods in a UML diagram for AuthorizationManager and some of its associated data objects.

Shows description, privilege, and role to create a permission with authorization manager. — Figure 1. AuthorizationManager Managed Object

AuthorizationManager properties allow access to information. For example:

The privilegeList property returns a list of all privileges defined on the system, as an array of AuthorizationPrivilege data objects. Privileges are defined by VMware, on the objects and properties contained in the system. These privileges are fixed and cannot be changed by client applications.
The roleList property returns a list of all currently defined roles, including the system-defined roles, as an array of AuthorizationRole data objects.