Page History
...
- Find all groups the user belongs tooto: groupIDs = 1
- Find all 'Effective' policies the groups are associated to: policies = 1, 6
- If any policy 'Allows' the startVirtualMachine API for this Vm Id, grant permission to make this call: Policy Id 6 and Permission Id 3 allow the API to be invoked for this user.
- In this case, since this is a regular user and the user is the owner of the VM, then he is granted access using policy Id 6.
...
- Find all groups the user belongs tooto: groupIDs = 3
- Find all 'Effective' policies the groups are associated to: policies = 3
- Policy Id 3 and Permission Id 2 allow 'startVirtualMachine' access for VMs in the 'Domain' scope - VMs in the domainId of the user.
- In this case, since the VM is in the domain of the user, he is granted access using policy Id 3.
...
- Find all groups the user belongs tooto: groupIDs = 2
- Find all 'Effective' policies the groups are associated to: policies = 2
- Policy Id 3 and Permission Id 1 allow 'startVirtualMachine' access for ALL VMs .
...
Overview
Content Tools
Apps