esx authentication client profiles: access grant

The access_grant structure contains information about access permissions.

The structure includes resource type and the specific resource information - entitlement.

Representation:

{
    "resource_type""ENTITLEMENT",
    "entitlement""IDENTITY_MGMT"
}

Attributes:

Name Type Description
Required
resource_type string Type of permission entity.

Defines the types of esx.authentication.client_profiles.access_grant elements in a client profile. These are permission resource types. There is support for entitlements, but not for groups. Value is one of:
ENTITLEMENT: Permission entitlements.

These are coarse-grained permissions that are not associated with an object, i.e. they are system-wide.

Optional
entitlement string The entitlement in the access grant.

Defines all permission entitlements supported on the ESX.

These are coarse-grained permissions that are not associated with an object, i.e. they are system-wide.

Value is one of:
IDENTITY_MGMT: Allows modifying the identity configuration.

For example: esx.authentication.client_profiles, esx.authentication.trust.security_token_issuers.


SECURITY_MGMT: Allows modifying security configuration.

For example: KMS, Attestation.


READ_ONLY: Allows access to some read-only operations. Not all read-only operations are accessible with this entitlement. Check the specific operation documentation for the required authorization.Optional. It is only relevant when resource_type has value ENTITLEMENT. This field is optional and it is only relevant when the value of resource_type is ENTITLEMENT.