A service can create rights that apply to its operations. You can add these rights to existing roles or new roles.

In the vCloud API, a right is simply a name that a service attaches to a privilege. When a service specifies an ACL rule for a resource class action, the rule can reference a right. A user who is assigned a role that includes the right is authorized to take the specified action.

Prerequisites

This operation is restricted to system administrators.

Procedure
1

Retrieve the XML representation of the service.

Use a request like this one:

GET https://vcloud.example.com/api/admin/extension/service/45
2

Examine the response to find the Link for adding or listing service-specific rights

This Link has the following form:

<vcloud:Link
      rel="rights"
      type="application/vnd.vmware.admin.rights+xml"
      href="https://vcloud.example.com/api/admin/extension/service/45/rights" />
3

Construct a Right element.

For information about the contents of this element, see the request portion of Example: Create a Service-Specific Right.

4

POST the Right element to the URL described in Step 2.

Example: Create a Service-Specific Right

This request creates a right named DeleteBackup. The name attribute and Category element are required, and can have any string value. Include a BundleKey if any messages associated with the right appear in a localization bundle.

Request:

POST https://vcloud.example.com/api/admin/extension/service/45/rights
Content-type:application/vnd.vmware.admin.right+xml
<?xml version="1.0" encoding="UTF-8"?>
<Right
   xmlns="http://www.vmware.com/vcloud/v1.5"
   name="DeleteBackup">
   <Description>Right to remove a backup object</Description>
   <Category>VcdBackup</Category>
   <BundleKey>BackupBundle</BundleKey>
</Right>

The response is a Right element that includes information derived from the contents you POSTed. The service namespace name is prepended to the name of the right.

Response:

201 Created
Content-Type: application/vnd.vmware.admin.right+xml
...
<Right
   xmlns="http://www.vmware.com/vcloud/v1.5"
   name="{org.example.vcd.backup}:DeleteBackup"
   id="urn:vcloud:right:99"
   type="application/vnd.vmware.admin.right+xml"
   href="https://vcloud.example.com/api/admin/right/99"
   ... >
   <Description>Right to remove a backup object</Description>
   <Category>VcdBackup</Category>
   <BundleKey>BackupBundle</BundleKey>
</Right>