Search the VMware Knowledge Base (KB)
View by Article ID

Using the vCloud API to Grant Distributed Firewall and Advanced Networking Services Rights in vCloud Director 8.20 (2149016)

  • 13 Ratings


vCloud Director 8.20 introduces a set of advanced networking and distributed firewall services that are accessible from a new HTML5-based graphical user interface called the vCloud Director Tenant Portal, and also from a new vCloud Director API for NSX. Most of the operations that enable, disable, and configure these services are controlled by rights that did not exist in previous vCloud Director releases. A system administrator must grant these new rights to organizations before their members can use the new services.


A system administrator must use the vCloud API to grant the new rights that the organization requires. For more information about how to use the vCloud API, see VMware Knowledge Base article

If you are familiar with using the vCloud API, you can follow a procedure like this one to use the attached AdvancedNetworkingAndDFWrights.xml example in a PUT request like the one documented in the Grant Additional Rights to an Organization  example in the vCloud API Programming Guide for Service Providers (API version 27).

  1. Log in to the vCloud API as a system administrator.
  2. Retrieve the existing set of rights from the organization.
  3. Add that set of rights to the attached AdvancedNetworkingAndDFWrights.xml file in the indicated position. NOTE: Any existing rights you do not add to this file will be removed from the organization when you execute the PUT request. Roles in the organization that include those rights will no longer have them.
  4. The AdvancedNetworkingAndDFWrights.xml example includes all advanced networking and distributed firewall rights that are not in the set of rights granted to all organizations by default.  If any of the rights included in the example are ones that you do not want to grant to the organization, remove them from the example.
  5. Make an API request like this one to PUT the contents of the edited AdvancedNetworkingAndDFWrights.xml to the organization’s add URL for rights.
Accept: application/*;version=27.0 Content-type: application/
... <?xml version="1.0" encoding="UTF-8"?> <OrgRights xmlns=""> <!-- include the existing rights -->
<!-- add the new rights -->

After the request is complete, the new rights are available for use in existing or new roles that a system administrator can create in the updated organization. A system administrator can use the vCloud Director Web Console to create or update roles in any organization. An organization administrator must use the vCloud API to create new roles that use these rights.  For more information, see the vCloud API Programming Guide for Service Providers and the vCloud Director Administrator’s Guide.


Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.


  • 13 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)

Please enter the Captcha code before clicking Submit.
  • 13 Ratings