`vim_role`¶

vCenter authorization roles via SOAP AuthorizationManager.

REST (/api/vcenter/...) doesn’t expose authorization role CRUD in VCF 9.x; the SOAP AuthorizationManager is the only path.

Role identity model:

Each role has a server-assigned integer roleId and a human name.
System roles (Admin, ReadOnly, View, Anonymous, etc.) have the system flag set and cannot be modified or removed.

saltext.vcf.clients.vim_role.list_(opts, profile=None)[source]¶: Return a list of {role_id, name, system, info, privilege} dicts.

saltext.vcf.clients.vim_role.get(opts, name, profile=None)[source]¶: Return the role record for name, raising LookupError if missing.

saltext.vcf.clients.vim_role.create(opts, name, privileges, profile=None)[source]¶

Create a custom role with the given privileges list.

Returns the new roleId.

saltext.vcf.clients.vim_role.update(opts, name, privileges, profile=None)[source]¶: Replace the privilege set on the role name.

saltext.vcf.clients.vim_role.delete(opts, name, fail_if_used=True, profile=None)[source]¶

Delete role name.

When fail_if_used is True (default) the call raises if any permission still references the role. False forces removal and converts existing references to -1 (no permission).

saltext.vcf.clients.vim_role.list_privileges(opts, profile=None)[source]¶: Catalog of every privilege known to vCenter.

vim_role¶

`vim_role`¶