This recipe will show you how to use the Change credential element to change the user who is currently executing the workflow.
We need to create a new workflow.
For this recipe, you will need to have more than one AD/LDAP group configured to have access to Orchestrator. Remember that you can use the Orchestrator internal LDAP to test this. To facilitate this, please follow the User management recipe in Chapter 7, Interacting with Orchestrator.
Name |
Type |
Section |
Use |
newCredential |
Credential |
IN |
The user name and password of the new user |
newCredential
in-parameter to the Change credential element.workflow.runningUserName
. This will log the username that is currently running the workflow.vcouser
). When the workflow is finished, have a look at the logs. You should see that the name of the user who executed the workflow has changed (see the following screenshot):
The usage is simple; you define the user who executes the workflow from the Change Credential element onward.
A typical usage is that you have a workflow started by a user who has no rights to create a VM on vCenter. So, what you need to do is switch credentials before the VM is created and switch them back for the rest of the workflow. The best practice (please note that this is only true when you use the vCenter plugin with a session for each user) for this is to put the elevated credentials that are used into a configuration (see the recipe Working with configurations in Chapter 8, Better Workflows and Optimized Working).