
793 Views 10 Replies Last post: Feb 23, 2012 3:55 PM by jkb5054 RSS
Dave.Mac Enthusiast 38 posts since
Jun 12, 2008

Jul 19, 2010 7:19 AM

LucD script to import vCenter Roles / Permissions

 

After some great help from LucD I'm able to use one of his scripts to export our vCenter roles and permission hierarchy. We're having some problems though trying to import that data back in.

We're going off the script at:

http://www.virtu-al.net/2009/06/14/vsphere-permissions-export-import-part-2/

However, we're getting two errors.

First:

Exception calling "SetEntityPermissions" with "2" argument(s): "The requested change cannot be completed because it could leave the system without full administrative privileges for a user or a group."
At Importpermissions.ps1:52 char 43
+      $perms = $authMgr.SetEntityPermissions <<< ($object.MoRef,@($permission))
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

Second:

Set-Permission : cannot process argument transformation on parameter 'object'.
Cannot convert the "System.Object" to type "VMware.Vim.ManagedEntity".
At Importpermissions.ps1:95 char:19
+      Set-Permission <<< $entity $perm
    + CategoryInfo          : InvalidData: (:) [Set-Permission], ParameterBind in...mationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Set-Permission

Anyone any ideas?

 

 

LucD Guru User Moderators vExpert 9,015 posts since
Oct 31, 2005
1. Jul 19, 2010 8:10 AM in response to: Dave.Mac
Re: LucD script to import vCenter Roles / Permissions

This is the latest version of my "import" script.

Can you give it a try?


# Create a custom role from a name and a list of privilege ids
function New-Role
{
    param($name, $privIds)
    Begin{}
    Process{
        $roleId = $authMgr.AddAuthorizationRole($name,$privIds)
    }
    End{
        return $roleId
    }
}

# Apply a single permission to a single inventory object
function Set-Permission
{
    param(
        [VMware.Vim.ManagedEntity]$object,
        [VMware.Vim.Permission]$permission
    )
    Begin{}
    Process{
        $perms = $authMgr.SetEntityPermissions($object.MoRef,@($permission))
    }
    End{
        return
    }
}

# Create hash table with the current roles
$authMgr = Get-View AuthorizationManager
$roleHash = @{}
$authMgr.RoleList | % {
    $roleHash[$_.Name] = $_.RoleId
}
# Read XML file
$XMLfile = "C:\vInventory.xml"
$vInventory = [xml]"<dummy/>"
$vInventory.Load($XMLfile)
# Define Xpaths for the roles and the permissions
$XpathRoles = "Inventory/Roles/Role"
$XpathPermissions = "Inventory/Permissions/Permission"
# Create custom roles
$vInventory.SelectNodes($XpathRoles) | % {
    if(-not $roleHash.ContainsKey($_.Name)){
        $privArray = @()
        $_.Privilege | % {
            $privArray += $_.Name
        }
        $roleHash[$_.Name] = (New-Role $_.Name $privArray)
    }
}
# Set permissions
$vInventory.SelectNodes($XpathPermissions) | % {
    $perm = New-Object VMware.Vim.Permission
    $perm.group = &{if ($_.Group -eq "true") {$true} else {$false}}
    $perm.principal = $_.Principal
    $perm.propagate = &{if($_.Propagate -eq "true") {$true} else {$false}}
    $perm.roleId = $roleHash[$_.Role]

    # Escape brackets in the entity name, because the Get-View filter is a regular expression
    $EntityName = $_.Entity.Replace("(","\(").Replace(")","\)")
    $EntityName = $EntityName.Replace("[","\[").Replace("]","\]")
    $EntityName = $EntityName.Replace("{","\{").Replace("}","\}")

    $entity = Get-View -ViewType $_.EntityType -Filter @{"Name"=("^" + $EntityName + "$")}
    Set-Permission $entity $perm
}

Blog: http://lucd.info | Twitter: @LucD22 | Book co-author: http://powerclibook.com
vrm Enthusiast 42 posts since
Jun 5, 2005
3. Oct 19, 2010 12:04 AM in response to: LucD
Re: LucD script to import vCenter Roles / Permissions

Great script!!!

DSeaman Hot Shot vExpert 305 posts since
Oct 5, 2005
4. Nov 7, 2010 10:51 AM in response to: vrm
Re: LucD script to import vCenter Roles / Permissions

These are great scripts, but when I run the import script I get the following error. The roles are imported though. Ideas?

--

Set-Permission : Cannot process argument transformation on parameter 'object'.
Cannot convert the "System.Object" to type "VMware.Vim.ManagedEntity".
At D:\import-xml-roles-permissions.ps1:64 char:19
+     Set-Permission <<<<  $entity $perm
    + CategoryInfo          : InvalidData: (:) [Set-Permission], ParameterBindin...mationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Set-Permission

vrm Enthusiast 42 posts since
Jun 5, 2005
5. Nov 7, 2010 9:57 PM in response to: DSeaman
Re: LucD script to import vCenter Roles / Permissions

-

LucD Guru User Moderators vExpert 9,015 posts since
Oct 31, 2005
6. Nov 7, 2010 10:55 AM in response to: DSeaman
Re: LucD script to import vCenter Roles / Permissions

Did you use the attached script or did you copy it from your browser?

The forum SW has problems with square brackets, that's why I attached the script.
DSeaman Hot Shot vExpert 305 posts since
Oct 5, 2005
7. Nov 7, 2010 11:04 AM in response to: LucD
Re: LucD script to import vCenter Roles / Permissions

I used the attached script.

LucD Guru User Moderators vExpert 9,015 posts since
Oct 31, 2005
8. Nov 7, 2010 11:53 AM in response to: DSeaman
Re: LucD script to import vCenter Roles / Permissions

Do you know which "entity" the script was handling at the time of the error?

Could you perhaps include part of the .xml file? The part where the faulty entity seems to be.
qwert1235 Hot Shot 152 posts since
Aug 19, 2009
9. Sep 1, 2011 9:54 AM in response to: LucD
Re: LucD script to import vCenter Roles / Permissions

Luc,

Great script! Thanks a lot!

I am going to export roles/permissions from one VC by using your script from http://communities.vmware.com/thread/268411?tstart=0 and import to another by using this import script.

Everything is working great, but during the import I am getting errors like this:

Exception calling "SetEntityPermissions" with "2" argument(s): "entity"
At line:10 char:43
+ $perms = $authMgr.SetEntityPermissions <<<< ($object.MoRef,@($permission))
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

I think it's because not all of the objects from the first VC (where I grabbed roles/permissions) exist on the second VC.

How can I modify the script so it will check if the object exists before applying permissions to it?

Thanks a lot!

Update: never mind, I figured it out myself :-)

All I had to do is update the last line of your script to:

if ($entity -ne $null) {Set-Permission $entity $perm}

Thanks again for such great scripts!
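
An added example, not part of any post in this thread and not LucD's code: the permission loop from the import script with the existence check above extended to cover names that match more than one object, which is one way the Set-Permission parameter conversion can fail. It assumes an existing Connect-VIServer session and the same C:\vInventory.xml layout; `$skipped` and the warning text are hypothetical names chosen here. Every permission that was not applied is recorded, so the imported access model can be compared against the source vCenter.

```powershell
# Added example: assumes Connect-VIServer has already been run and that the
# XML file has the Inventory/Permissions/Permission layout used in this thread.
$authMgr  = Get-View AuthorizationManager
$roleHash = @{}
$authMgr.RoleList | ForEach-Object { $roleHash[$_.Name] = $_.RoleId }

$vInventory = New-Object System.Xml.XmlDocument
$vInventory.Load('C:\vInventory.xml')

$skipped = @()   # hypothetical name: permissions that were NOT applied
foreach ($node in $vInventory.SelectNodes('Inventory/Permissions/Permission')) {
    # The role must already exist on the target vCenter
    if (-not $roleHash.ContainsKey($node.Role)) {
        $skipped += "$($node.Entity): role '$($node.Role)' not found"
        continue
    }

    # Get-View -Filter takes a regular expression, so escape the whole name
    $pattern = '^' + [regex]::Escape($node.Entity) + '$'
    $entity  = @(Get-View -ViewType $node.EntityType -Filter @{ 'Name' = $pattern })

    # Zero matches: object is absent on the target. Several matches: ambiguous.
    # In both cases skip, rather than guess which object gets the permission.
    if ($entity.Count -ne 1) {
        $skipped += "$($node.Entity) ($($node.EntityType)): $($entity.Count) matches"
        continue
    }

    $perm = New-Object VMware.Vim.Permission
    $perm.Group     = ($node.Group -eq 'true')
    $perm.Principal = $node.Principal
    $perm.Propagate = ($node.Propagate -eq 'true')
    $perm.RoleId    = $roleHash[$node.Role]

    try {
        $authMgr.SetEntityPermissions($entity[0].MoRef, @($perm))
    } catch {
        # Keep the server's message next to the entity it belongs to
        $skipped += "$($node.Entity): $($_.Exception.Message)"
    }
}

# One reviewable list instead of scattered console errors
$skipped | ForEach-Object { Write-Warning "Not imported: $_" }
```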

jkb5054 Novice 25 posts since
Feb 15, 2011
10. Feb 23, 2012 3:55 PM in response to: LucD
Re: LucD script to import vCenter Roles / Permissions

Hi all,

Great work LucD!

I am attempting to import from 4.1 to 5.0. I seem to be getting a lot of two different errors:

Exception calling "AddAuthorizationRole" with "2" argument(s): "A specified parameter was not correct.
privIds"
At C:\Users\aa630d\Desktop\Scripts\ImportPermissions.ps1:9 char:48
+         $roleId = $authMgr.AddAuthorizationRole <<<< ($name,$privIds)
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

AND

Exception calling "SetEntityPermissions" with "2" argument(s): "The object or item referred to could not be found."
At C:\Users\aa630d\Desktop\Scripts\ImportPermissions.ps1:23 char:43
+     $perms = $authMgr.SetEntityPermissions <<<< ($object.MoRef,@($permission))
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

Any Ideas?

Has anyone successfully ported to 5.0 yet?
