Administrator Credentials and Privileges
The vCloud API defines two levels of administrative privilege:
Organization administrators, who have administrative privileges in a specific organization.
System administrators, who have superuser privileges throughout the system. System administrators can
create, read, update, and delete all objects in a vCloud, have organization administrator rights in all
organizations in a vCloud, and can operate directly on vSphere resources to create and modify provider
vDCs.
Some administrative operations (and all vSphere platform operations) are restricted to the system
administrator. Before attempting any of these operations, log in to the System organization with the user name
and password of the system administrator account that was created when vCloud Service Director was
installed. For example, if the system administrator's name and password had been defined as administrator
and Pa55w0rd, the system administrator login credentials would be the MIME Base64 encoding of the string
administrator@System:Pa55w0rd.
The System organization is created automatically when vCloud Service Director is installed, and always has a
URL of the form API‐URL/org/1. It is not listed in an OrgList, but can be retrieved with an explicit GET
request, as shown in Example 6‐1.
Example 6-1. The System Organization
Request:
GET http://vcloud.example.com/api/v1.0/org/1
Response:
200 OK
Content-Type: application/vnd.vmware.vcloud.org+xml
...
<Org xmlns="http://www.vmware.com/vcloud/v1" name="System" ...>
...
</Org>
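The login credential format described above can be checked mechanically. The following Python sketch is an added example, not code from the vCloud documentation: it builds the user@org:password credential, shows that the Base64 form decodes back to the password without any key, and flags a request that carries System organization credentials over a non-TLS URL. The function names are hypothetical, and carrying the credential in an Authorization: Basic header is an assumption that this section does not show.

```python
import base64
from urllib.parse import urlsplit

def encode_credentials(user, org, password):
    """Return the MIME Base64 encoding of user@org:password."""
    raw = f"{user}@{org}:{password}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_credentials(token):
    """Recover (user, org, password); Base64 is reversible without any key."""
    raw = base64.b64decode(token, validate=True).decode("utf-8")
    login, colon, password = raw.partition(":")  # password may contain ':'
    user, at, org = login.rpartition("@")        # org follows the last '@'
    if not (colon and at and user and org):
        raise ValueError("not in user@org:password form")
    return user, org, password

def audit_request(url, headers):
    """Return findings for one request given its URL and header dict."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return []
    try:
        user, org, _ = decode_credentials(token.strip())
    except ValueError:  # also covers binascii.Error and UnicodeDecodeError
        return ["malformed Basic credentials"]
    findings = []
    if urlsplit(url).scheme.lower() != "https":
        findings.append(f"credentials for {user}@{org} sent without TLS")
    if org == "System":
        findings.append("System organization (superuser) login")
    return findings

if __name__ == "__main__":
    # Constructed sample using the page's example account and URL.
    token = encode_credentials("administrator", "System", "Pa55w0rd")
    sample = {"Authorization": "Basic " + token}
    for line in audit_request("http://vcloud.example.com/api/v1.0/org/1", sample):
        print(line)
```

Run against the page's http:// example URL, the audit reports both findings; the same request over https:// reports only the System organization login.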
Administrative Objects and URLs
The vCloud API defines several objects that are used only in administrative operations. These objects are listed
in Chapter 11, "Administrative API Reference," on page 179. Some, like User, Group, and Role, are unique to
administrative operations. Others extend common vCloud API objects to add elements and attributes that
enable administrative control. An AdminOrg, for example, supports the administrative view of an Org, and an
AdminVdc does the same thing for a Vdc.
Get an Administrative View of a Cloud
An administrator can access a cloud‐wide namespace of administrative objects at API‐URL/admin, where
API‐URL is a URL of the form http://vcloud.example.com/api/v1.0. The primary administrative objects in a
vCloud include organizations, provider vDCs, rights, roles, and external networks. Each object type is
represented in a VCloud element by zero or more references, as illustrated in Example 6‐2. A system
administrator can obtain more information about any of these objects by making a GET request to the object
reference (the value of its href attribute).
The vCloud response document includes links that enable a system administrator to add roles and
organizations. Subordinate objects, such as users, catalogs, and vDCs, are contained by individual
organizations and are not listed at this level. Other objects, such as rights, can be listed but cannot be modified
using the vCloud API.
VMware, Inc.
Chapter 6 Administrative Operations