Architecting a vCloud Availability for vCloud Director Solution : vCloud Director Configuration : 5.1 User Roles : 5.1.1 vCloud Director 8.20 Changes
   
5.1.1 vCloud Director 8.20 Changes
vCloud Director 8.20 enables creation of organization-specific roles and rights assignments.
Service provider can still create global roles
Service provider can selectively grant rights to specific tenants
Organization administrators can create tenant specific roles from a subset of granted rights
The procedure to add new vCloud Availability for vCloud Director rights to a predefined Organization Administrator role is different and must be partially done with vCloud API:
1. Find new vCloud Availability for vCloud Director rights references with the following vCloud API call:
GET /api/admin
Response:
</RightReferences>
<RightReference href="https://.../api/admin/right/08401a7e-9898-4afe-b07a-4e6e9a84c872" name="{com.vmware.vr}:ManageRight" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="https://.../api/admin/right/c6d72052-a986-4566-9f08-4ee27938fd50" name="{com.vmware.vr}:ViewRight" type="application/vnd.vmware.admin.right+xml"/>
</RightReferences>
2. For an Organization to retrieve its current rights with vCloud API GET call and from the response form a new payload for PUT call by including new right references retrieved from the step 1:
GET /api/<org-id>/rights
PUT /api/<org-id>/rights
3. In vCloud Roles and Rights user interface, find Organization Administrator role for the Organization used in step 2 and add the new rights. This will modify predefined Organization Administrator role which will be applied to all newly created organizations.
Note Existing organizations will still have the Organization Administrator role based on the unmodified predefined role, because they were not granted the new rights. Therefore step 2 will have to be repeated for all existing organizations that should have access to vCloud Availability for vCloud Director.