Add a Permission to a User Role (SPF)

This page is now retired and kept for archival purposes. This programming guide has been published on MSDN at http://msdn.microsoft.com/library/jj643273.aspx

This article is part of the Service Provider Foundation Programmers Guide (SPF).

In Service Provider Foundation, sometimes a user cannot accomplish a task because they are missing a required permission. Permissions can be added to a user (as long as the current user can manage permissions) by using the UserRoles OData collection.

The way Service Provider Foundation works with User Role permissions may be confusing at first. A UserRole entity does not have a property to change permissions directly. Instead, you set the UserRole.PermissionInput property to a collection of UserRolePermission objects. Each UserRolePermission object represents all permissions the user has on a specific stamp. When the UserRole entity is updated, the UserRole.PermissionInput property is processed. Each UserRolePermission is read, and replaces all existing permissions (for the associated stamp) the user role has.

You will likely want to preserve existing permissions by copying them to the UserRolePermission object, and then adding or removing specific permissions.

To add a permission to a user role with .NET

  1. Connect to the Service Provider Foundation VMM service.

  2. Obtain the SpfVMM.UserRole you want to add a permission to.

  3. Create a new instance of the SpfVMM.UserRolePermission class.

  4. Copy the UserRole.Permission to a new list or array of strings.

  5. Add the new permissions to the list or array of permission strings.

  6. Set the UserRolePermission.Permission property to a new instance of the System.Collections.ObjectModel.ObservableCollection<string> class, providing the array of permission strings.

  7. Set the UserRolePermission.StampId property to the stamp id the user permissions will apply to.

  8. Add the UserRolePermission you created to the UserRole.PermissionInput collection.

  9. Call the UpdateObject method on the VMM service object reference and pass in the changed UserRole object.

  10. Call the SaveChanges method on the VMM service object reference.

To add a permission to a user role with HTTP

  1. Create a new HTTP PUT or MERGE operation.

     Important: If you supply only the key and changed properties, use a MERGE operation. PUT is used when you want to replace all properties on the entity with new or default values. The MERGE operation updates the existing entity with the properties supplied. PUT will update the existing entity with the properties supplied, but will reset all missing properties back to their default values.

  2. Set the URL to a specific user role identifier with the UserRoles collection: https://server:30005/subscription-id/services/systemcenter/vmm/UserRoles/user-role-id.

     Important: The subscription-id being used must have permissions to alter the permissions of a user role.

     Tip: Provide the GUID of the user role on the URL. The previous example uses user-role-id as a placeholder.

  3. Add the HTTP headers.

     Specifically, add the x-ms-principal-id header, which can be set to any value.

  4. Create the HTTP payload containing the user role entity with at least the ID and PermissionInput properties set.

  5. Submit the HTTP request.

Example

The following example shows how to add the Checkpoint permission to an existing user role with .NET. This example also preserves all existing permissions that the user role already has. For more information, see Programming in Visual Studio with Service Provider Foundation Services.

    SpfVMM.VMM vmmService = new SpfVMM.VMM(new Uri("https://wapserver:30005/97FD50F3-1DC0-41B6-A7C0-2B4FF4C3F7E3/services/systemcenter/vmm/"));
    vmmService.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials;
     
    // Get the existing user role
    var userRole = vmmService.UserRoles.Where(ur => ur.Name == "fred@fred.com_97fd50f3-1dc0-41b6-a7c0-2b4ff4c3f7e3").FirstOrDefault();
     
    if (userRole != null)
    {
        // Create the new permission
        var permission = new SpfVMM.UserRolePermission();
     
        // Preserve the existing permissions using System.Linq extensions
        var perms = userRole.Permission.ToList();
                                    
        // Add the new permission
        perms.Add("Checkpoint");
     
        // Populate the permission object and set the stamp it applies to
        permission.Permission = new System.Collections.ObjectModel.ObservableCollection<string>(perms);
        permission.StampId = new Guid("ba4146fa-fb41-4f59-a193-ad00c52a138c");
     
        // Add the permissions to the user role
        userRole.PermissionInput.Add(permission);
     
        vmmService.UpdateObject(userRole);
        vmmService.SaveChanges();
    }

The following is an example HTTP request sent to the server:

    MERGE https://wapserver:30005/BA4146FA-FB41-41B6-A7C0-2B4FF4C3F7E3/services/systemcenter/vmm/UserRoles/97fd50f3-1dc0-41b6-a7c0-2b4ff4c3f7e3 HTTP/1.1
    DataServiceVersion: 3.0;NetFx
    MaxDataServiceVersion: 3.0;NetFx
    Accept: application/json;odata=minimalmetadata
    Accept-Charset: UTF-8
    DataServiceUrlConventions: KeyAsSegment
    User-Agent: Microsoft ADO.NET Data Services
    x-ms-principal-id: user@contoso.com
    Content-Type: application/json;odata=minimalmetadata
    Host: wapserver:30005
    Content-Length: 839
    Expect: 100-continue
    Authorization: Negotiate [token removed]
    
    {
        "ID": "97fd50f3-1dc0-41b6-a7c0-2b4ff4c3f7e3",
        "PermissionInput": [{
            "Permission": ["Create",
                      "PauseAndResume",
                      "Start",
                      "Stop",
                      "AllowLocalAdmin",
                      "Remove",
                      "Shutdown",
                      "Checkpoint",
                      "Author",
                      "CanShare",
                      "CanReceive",
                      "CreateFromVHDOrTemplate",
                      "CheckpointRestoreOnly",
                      "AuthorVMNetwork",
                      "Checkpoint"
            ],
            "Permission@odata.type": "Collection(Edm.String)",
            "StampId": "ba4146fa-fb41-4f59-a193-ad00c52a138c"
        }],
        "PermissionInput@odata.type": "Collection(VMM.UserRolePermission)",
        "odata.type": "VMM.UserRole"
    }
    

The following is an example HTTP response from the server:

    HTTP/1.1 204 No Content
    Cache-Control: no-cache
    Server: Microsoft-IIS/8.5
    x-ms-request-id: 0b494a73-66e6-4b86-b1cf-90d3a7432622
    X-Content-Type-Options: nosniff
    request-id: eda9bde6-834a-0000-95d9-aced4a83ce01
    DataServiceVersion: 1.0;
    X-AspNet-Version: 4.0.30319
    Persistent-Auth: true
    X-Powered-By: ASP.NET
    Date: Mon, 19 Aug 2013 21:59:34 GMT
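
The following Python is an added example, not code from the original page or from Service Provider Foundation. It builds the PermissionInput payload used in the MERGE request above so that existing permissions are preserved and duplicates are skipped (the sample request lists Checkpoint twice), and it returns the added and removed permissions so the change can be reviewed before it is sent. The names build_update, apply_update and the CURRENT list are assumptions made for illustration; apply_update is only a local model of the replace-per-stamp rule this page describes.

```python
import json

ROLE_ID = "97fd50f3-1dc0-41b6-a7c0-2b4ff4c3f7e3"   # role GUID from the page's request
STAMP_ID = "ba4146fa-fb41-4f59-a193-ad00c52a138c"  # stamp GUID from the page's request
CURRENT = ["Create", "Start", "Stop", "Shutdown"]  # constructed sample, not real data


def build_update(role_id, stamp_id, current, add=(), remove=()):
    """Return (payload, added, removed) for a MERGE on UserRoles/<role_id>.

    The list sent replaces everything the role holds on stamp_id, so it has
    to carry every permission that should survive the update.
    """
    drop = set(remove)
    merged = []
    for perm in [*current, *add]:          # keep order, skip duplicates
        if perm not in drop and perm not in merged:
            merged.append(perm)
    payload = {
        "ID": role_id,
        "PermissionInput": [{
            "Permission": merged,
            "Permission@odata.type": "Collection(Edm.String)",
            "StampId": stamp_id,
        }],
        "PermissionInput@odata.type": "Collection(VMM.UserRolePermission)",
        "odata.type": "VMM.UserRole",
    }
    added = [p for p in merged if p not in current]
    removed = sorted(set(current) - set(merged))
    return payload, added, removed


def apply_update(stored, payload):
    """Local model of the documented rule (not SPF code): each entry in
    PermissionInput replaces the permissions stored for its stamp."""
    result = {stamp: list(perms) for stamp, perms in stored.items()}
    for entry in payload["PermissionInput"]:
        result[entry["StampId"]] = list(entry["Permission"])
    return result


if __name__ == "__main__":
    payload, added, removed = build_update(ROLE_ID, STAMP_ID, CURRENT, add=["Checkpoint"])
    print("added:", added, "removed:", removed)   # review the diff before sending
    print(json.dumps(payload, indent=4))
    # Sending only the new permission would drop the rest on this stamp:
    naive, _, _ = build_update(ROLE_ID, STAMP_ID, [], add=["Checkpoint"])
    print(apply_update({STAMP_ID: CURRENT}, naive))
```

Logging the added and removed lists alongside the x-ms-principal-id value gives an audit trail of who changed which permissions on which stamp.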
    