如果你已经使用vSphere的API和阅读它的API参考,你可能已经注意到最常用的两种的权限:System.View System.Read。他们需要在许多方法。正如他们的名字所暗示的,他们是不同的,但有什么区别?它可以是混乱,对某些人来说,包括我在内,最初是因为它无处记录。
Here are some explanations after my talking to my colleague Jianping Yang who is the vCenter DB and Security guru.
-
The System.View privilege is used to navigate from the root
folder (Note: you can find it from the ServiceContent data object in
ServiceInstance ) to the object that a user has the permission on even
if the user does not have any permissions on the objects in that
navigation path.
-
If a user has any permission on an object, the user will have
the System.Read privilege on that object, and for its parent objects in
the inventory tree, the user will have the System.View privilege.
阅读(1538) | 评论(0) | 转发(0) |