This article is part of the Service Provider Foundation Programmers Guide (SPF).
In Service Provider Foundation, sometimes a user cannot accomplish a task because they are missing a required permission. Permissions can be added to a user (as long as the current user can manage permissions) by using the UserRoles OData collection.
The way Service Provider Foundation works with User Role permissions may be confusing at first. A UserRole entity does not have a property to change permissions directly. Instead, you set the UserRole.PermissionInput property to a collection of UserRolePermission objects. Each UserRolePermission object represents all permissions the user has on a specific stamp. When the UserRole entity is updated, the UserRole.PermissionInput property is processed. Each UserRolePermission is read, and replaces all existing permissions (for the associated stamp) the user role has.
You will likely want to preserve existing permissions by copying them to the UserRolePermission object, and then adding or removing specific permissions.
To add a permission to a user role with .NET
- Connect to the Service Provider Foundation VMM service.
- Obtain the SpfVMM.UserRole you want to add a permission to.
- Create a new instance of the SpfVMM.UserRolePermission class.
- Copy the UserRole.Permission to a new list or array of strings.
- Add the new permissions to the list or array of permission strings.
- Set the UserRolePermission.Permission property to a new instance of the System.Collections.ObjectModel.ObservableCollection<string> class, providing the array of permission strings.
- Set the UserRolePermission.StampId property to the stamp id the user permissions will apply to.
- Add the UserRolePermission you created to the UserRole.PermissionInput collection.
- Call the UpdateObject method on the VMM service object reference and pass in the changed UserRole object.
- Call the SaveChanges method on the VMM service object reference.
To add a permission to a user role with HTTP
- Create a new HTTP PUT or MERGE operation.
  Important: If you supply only the key and changed properties, use a MERGE operation. PUT is used when you want to replace all properties on the entity with new or default values. The MERGE operation updates the existing entity with the properties supplied. PUT will update the existing entity with the properties supplied, but will reset all missing properties back to their default values.
- Set the URL to a specific user role identifier with the UserRoles collection: https://server:30005/subscription-id/services/systemcenter/vmm/UserRoles/user-role-id.
  Important: The subscription-id being used must have permissions to alter the permissions of a user role.
  Tip: Provide the GUID of the user role on the URL. The previous example uses user-role-id as a placeholder.
- Add the HTTP headers.
  Specifically, add the x-ms-principal-id header, which can be set to any value.
- Create the HTTP payload containing the user role entity with at least the ID and PermissionInput properties set.
- Submit the HTTP request.
Example
The following example shows how to add the Checkpoint permission to an existing user role with .NET. This example also preserves all existing permissions that the user role already has. For more information, see Programming in Visual Studio with Service Provider Foundation Services.
// Requires: using System; using System.Linq;
SpfVMM.VMM vmmService = new SpfVMM.VMM(
    new Uri("https://wapserver:30005/97FD50F3-1DC0-41B6-A7C0-2B4FF4C3F7E3/services/systemcenter/vmm/"));
vmmService.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials;

// Get the existing user role
var userRole = vmmService.UserRoles
    .Where(ur => ur.Name == "fred@fred.com_97fd50f3-1dc0-41b6-a7c0-2b4ff4c3f7e3")
    .FirstOrDefault();

if (userRole != null)
{
    // Create the new permission
    var permission = new SpfVMM.UserRolePermission();

    // Preserve the existing permissions using System.Linq extensions
    var perms = userRole.Permission.ToList();

    // Add the new permission
    perms.Add("Checkpoint");

    // Set the full permission list and the stamp it applies to
    permission.Permission = new System.Collections.ObjectModel.ObservableCollection<string>(perms);
    permission.StampId = new Guid("ba4146fa-fb41-4f59-a193-ad00c52a138c");

    // Add the permissions to the user role and submit the update
    userRole.PermissionInput.Add(permission);
    vmmService.UpdateObject(userRole);
    vmmService.SaveChanges();
}
The following is an example HTTP request sent to the server:
MERGE https://wapserver:30005/BA4146FA-FB41-41B6-A7C0-2B4FF4C3F7E3/services/systemcenter/vmm/UserRoles/97fd50f3-1dc0-41b6-a7c0-2b4ff4c3f7e3 HTTP/1.1
DataServiceVersion: 3.0;NetFx
MaxDataServiceVersion: 3.0;NetFx
Accept: application/json;odata=minimalmetadata
Accept-Charset: UTF-8
DataServiceUrlConventions: KeyAsSegment
User-Agent: Microsoft ADO.NET Data Services
x-ms-principal-id: user@contoso.com
Content-Type: application/json;odata=minimalmetadata
Host: wapserver:30005
Content-Length: 839
Expect: 100-continue
Authorization: Negotiate <token omitted>

{
"ID": "97fd50f3-1dc0-41b6-a7c0-2b4ff4c3f7e3",
"PermissionInput": [{
"Permission": ["Create",
"PauseAndResume",
"Start",
"Stop",
"AllowLocalAdmin",
"Remove",
"Shutdown",
"Checkpoint",
"Author",
"CanShare",
"CanReceive",
"CreateFromVHDOrTemplate",
"CheckpointRestoreOnly",
"AuthorVMNetwork",
"Checkpoint"
],
"Permission@odata.type": "Collection(Edm.String)",
"StampId": "ba4146fa-fb41-4f59-a193-ad00c52a138c"
}],
"PermissionInput@odata.type": "Collection(VMM.UserRolePermission)",
"odata.type": "VMM.UserRole"
}
The following is an example HTTP response from the server:
HTTP/1.1 204 No Content
Cache-Control: no-cache
Server: Microsoft-IIS/8.5
x-ms-request-id: 0b494a73-66e6-4b86-b1cf-90d3a7432622
X-Content-Type-Options: nosniff
request-id: eda9bde6-834a-0000-95d9-aced4a83ce01
DataServiceVersion: 1.0;
X-AspNet-Version: 4.0.30319
Persistent-Auth: true
X-Powered-By: ASP.NET
Date: Mon, 19 Aug 2013 21:59:34 GMT
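
The HTTP procedure above, as an added Python example (not code from the Service Provider Foundation guide): it builds the MERGE request from a role's current permissions so that the replace-on-update behaviour cannot silently drop or duplicate an entry, and it returns the delta for review. The function names, the `base_url` parameter and the sample permission list are assumptions made for the illustration; nothing is sent over the network.

```python
import json
import uuid

def merge_permissions(existing, add=(), remove=()):
    """Return (final, added, removed) for one stamp.

    The update replaces every permission the role holds on the stamp, so the
    list that is sent must start from the existing permissions.
    """
    drop = set(remove)
    final = []
    for name in list(existing) + list(add):
        if name not in drop and name not in final:  # keep order, no duplicates
            final.append(name)
    added = [p for p in final if p not in existing]
    removed = [p for p in dict.fromkeys(existing) if p not in final]
    return final, added, removed

def build_merge_request(base_url, subscription_id, role_id, stamp_id,
                        principal, permissions):
    """Build (method, url, headers, body) for the update; nothing is sent."""
    for value in (subscription_id, role_id, stamp_id):
        uuid.UUID(value)  # ValueError on a malformed GUID or leftover placeholder
    payload = {
        "ID": role_id,
        "PermissionInput": [{
            "Permission": list(permissions),
            "Permission@odata.type": "Collection(Edm.String)",
            "StampId": stamp_id,
        }],
        "PermissionInput@odata.type": "Collection(VMM.UserRolePermission)",
        "odata.type": "VMM.UserRole",
    }
    url = f"{base_url}/{subscription_id}/services/systemcenter/vmm/UserRoles/{role_id}"
    headers = {
        "x-ms-principal-id": principal,
        "Content-Type": "application/json;odata=minimalmetadata",
    }
    # MERGE, not PUT: only ID and PermissionInput are supplied, and PUT would
    # reset every property missing from the payload to its default value.
    return "MERGE", url, headers, json.dumps(payload)

if __name__ == "__main__":
    current = ["Create", "Start", "Stop", "Checkpoint"]  # constructed sample
    final, added, removed = merge_permissions(current, add=["Checkpoint", "Remove"])
    print("added:", added, "removed:", removed)
    print(build_merge_request("https://wapserver:30005",
                              "BA4146FA-FB41-41B6-A7C0-2B4FF4C3F7E3",
                              "97fd50f3-1dc0-41b6-a7c0-2b4ff4c3f7e3",
                              "ba4146fa-fb41-4f59-a193-ad00c52a138c",
                              "user@contoso.com", final)[3])
```

Logging the `added` and `removed` lists next to the request gives a reviewable record of what each update changed on the stamp.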