Unable to unselect "Allow Access to All Organization VDCs" right independently
Article ID: 371629
Products
VMware Cloud Director
Issue/Introduction
The goal is to create a tenant administrator user without the "Allow Access to All Organization VDCs" right.
However, this right implies the "Administrator control" and "Administrator view" rights.
With "Administrator control" and "Administrator view" deactivated, the tenant administrator user cannot see any managed objects belonging to other users inside the orgVDC.
In earlier VCD versions (10.2 and before), this right could be enabled and disabled without any dependencies.
Environment
Cloud Director 10.3.1 and later
Cause
The Roles Based Access Control feature added in the 10.3.1 release introduced Implicit Rights, meaning that if you had Right X, it logically made sense to have Right Y as well.
This also meant that Cloud Director would not allow you to have Right Y without also having Right X.
Resolution
This is a known limitation that affects VMware Cloud Director 10.3.1 and later.
Cloud Director Engineering is aware of the limitation and has identified code changes to allow further granularity with Roles and Rights.
These changes are currently planned for inclusion in a future release of Cloud Director.