Before you can browse and extend networks with vCloud Director Extender, you must assign advanced networking permissions to the Organization Administrator user role.

Prerequisites

  • Make sure to run the cURL commands from a cURL-enabled machine that can connect to vCloud Director.

  • The API version used in the Accept header depends on the vCloud Director version. For example:

    • for vCloud Director 8, use version=1.5

    • for vCloud Director 9, use version=27.0

Procedure

  1. Create a valid vCloud Director API session. 
    curl -i -k -H "Accept:application/*+xml;version=api-version" -u  'user-name@System:password' -X POST https://vcd-ip/api/sessions
    1. Copy the value of the x-vcloud-authorization header.
  2. Retrieve the ID of the Organization. 
    curl -i -k -H "Accept:application/*+xml;version=api-version" -H 'x-vcloud-authorization: authorization-id' -X GET https://vcd-ip/api/admin/orgs/query
    1. Copy the organization ID from the following URL:

      href=https://vcd-ip/api/org/org-id

  3. Retrieve the list with currently assigned rights and output the result to an xml file. 
    curl -i -k -H "Accept:application/*+xml;version=api-version" -H 'x-vcloud-authorization: authorization-id' -X GET https://vcd-ip/api/admin/org/org-id/rights > path-to-xml
  4. Use a text editor to open the xml file.
  5. Modify the xml file to use it as a payload for a POST request: 
    <?xml version="1.0" encoding="UTF-8"?>
<OrgRights xmlns="http://www.vmware.com/vcloud/api-version"> 
...
<RightReference href="http://vcd-ip/api/admin/right/105191de-9e29-3495-a917-05fcb5ec1ad0" name="Organization vDC Gateway: View L2 VPN" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/eeb2b2a0-33a1-36d4-a121-6547ad992d59" name="Organization vDC Gateway: Configure L2 VPN" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/66b32e08-1eeb-37ac-9266-ffbd19b39dd8" name="Right: View" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/4886663f-ae31-37fc-9a70-3dbe2f24a8c5" name="Catalog: Add vApp from My Cloud" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/438e45e9-9389-3e29-9073-638b36921a2a" name="Disk: Create" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/1e5ad20d-1023-34d1-b073-1ea30bce3854" name="Disk: Delete" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/7bbee458-b3c5-3252-ba5a-b1781b1c7b92" name="Disk: Edit Properties" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/fd036ae5-b78b-3c9f-8f28-a7f6b33d0d92" name="Disk: View Properties" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/2cd03d47-38e1-337a-907c-8d5b6a5258f2" name="Organization vDC Distributed Firewall: Configure Rules" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/4e61b5b8-0964-36b6-b021-da39aea724fc" name="Organization vDC Distributed Firewall: View Rules" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/9dc33fcb-346d-30e1-8ffa-cf25e05ba801" name="Organization vDC Gateway: Convert to Advanced Networking" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/2cd2d9d7-262c-34f8-8bee-fd92f422cc2c" name="General: Administrator Control" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/0b8c8cd2-5af9-32ad-a0bd-dc356503a552" name="General: Administrator View" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/b0cfe989-521b-3d7f-9bc2-f23c74a99633" name="Organization vDC Network: Edit Properties" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/2c8d98ef-4acc-3be4-9214-fcb9682b7a19" name="Organization vDC Network: View Properties" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/6cb3596a-15eb-3c2f-a657-5f14f2039719" name="Organization Network: Edit Properties" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/194c71a1-3d68-3156-b789-6a6384028b78" name="Organization Network: View" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/60be4106-1f9f-325c-8ff4-8bf2c6d9bc0a" name="Organization Network: Create or Delete" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/2dc8abec-2e0d-3789-a5f9-ce0453160b53" name="vApp: Create / Reconfigure" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/df05c07f-c537-3777-8d9b-a9cfe8d49014" name="vApp: Delete" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/c2a29357-1b2a-3f9d-9cd6-de3d525d49f3" name="vApp: Edit Properties" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/580860cd-55bc-322d-ac39-4f9d8e3e1cd2" name="vApp: Power Operations" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/4965b0e7-9ed8-371d-8b08-fc716d20bf4b" name="vApp: Copy" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/8832800f-575f-3501-ad84-8e15f3898f11" name="vApp: Change Owner" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="http://vcd-ip/api/admin/right/5250ab79-8f50-33f9-8af5-015cb39c380b" name="vApp: Edit VM Properties" type="application/vnd.vmware.admin.right+xml"/>
</OrgRights>
  6. Update the vCloud Director rights by using the xml file. 
    curl -i -k -H "Accept: application/*;version=api-version" -H 'Content-type: application/vnd.vmware.admin.org.rights+xml' -H 'x-vcloud-authorization: authorization-id' -X POST -d @path-to-xml
https://vcd-ip/api/admin/org/org-id/rights
  7. Enable the advanced networking rights for the Organization Administrator user role.
    1. In the vCloud Director Web Console, click Administration > Roles.
    2. Click the Organization Administrator role.

      The Role Properties dialog opens.

    3. Verify that following rights are selected:

      Category

      Permission Name

      Gateway (Advanced) Services

      View L2 VPN

      Gateway (Advanced) Services

      Configure L2 VPN

      Right

      View Right

      Catalog

      Add a vApp from My Cloud

      Disk

      Create a Disk

      Disk

      Delete a Disk

      Disk

      Edit Disk Properties

      Disk

      View Disk Properties

      Distributed Firewall

      Configure Distributed Firewall Rules

      Distributed Firewall

      View Distributed Firewall Rules

      Gateway

      Convert to Advanced Gateway

      Gateway

      View Gateway

      General

      Administrator Control

      General

      Administrator View

      Organization vDC Network

      Edit Properties

      Organization vDC Network

      View Properties

      Organization

      Edit Organization Network Properties

      Organization

      View Organization Networks

      Organization

      Create / Delete Organization Network

      vApp

      Create / Reconfigure a vApp

      vApp

      Delete a vApp

      vApp

      Edit vApp Properties

      vApp

      Power Operations (Start/Stop/Suspend/Reset a vApp)

      vApp

      Copy a vApp

      vApp

      Change Owner

      vApp

      Edit VM Properties