I have vcenter with several clusters. I am wanting to assign read-only permissions at the host level on a per cluster basis so as to provide limited access in vcenter. The script I have below is what I am having an issue with. Why is this not working?
$mycluster = Read-Host -prompt "Enter cluster name"
$clusterhosts = Get-Cluster $mycluster | Get-VMhost
foreach ($myhost in $clusterhosts) {
New-VIPermission -Entity $myhost.name -Principal "domain\group" -Role "Read-only" -Propagate:$true
}
The error I get is this:
New-VIPermission : 1/8/2018 3:44:36 PM New-VIPermission Value cannot be null.
Parameter name: collection
At C:\Scripts\Vmware\Permissions\storage_team.ps1:7 char:1
+ New-VIPermission -Entity $myhost.name -Principal "domain\group ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-VIPermission], VimException
+ FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.NewVIPermission
The default role is named ReadOnly.
Unless you created a role yourself that is named Read-only, the cmdlet will fail on that rolename.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Even if I do this command it fails with the same error:
$myrole = Get-VIRole -Server vcenter.domain.com -Name "Storage"
The "Storage" role is a clone version of read-only.
And what happens when you just do Get-VIRole?
Is the "Storage" role listed?
When I do a get-virole, yes it is listed. What I don't understand is, when I run the original command the error is:
"New-VIPermission Value cannot be null."
What value is null? The username, role and the host are listed in the command. So I'm not exactly sure what the error is referring to.
Could you do the following: stop/start your PowerShell session, connect to the vCenter and then do
Get-VIRole | Select @{N='Name';E={"*$($_.Name)*"}}
Ran your command... this is what I get. (The one in red is the one I cloned from the readonly role.)
C:\Users\mysuername> Get-VIRole | Select @{N='Name';E={"*$($_.Name)*"}}
Name
----
*ServerTeam*
*Avamar_Backup*
*VeeamBackup*
*Neverfail Engine*
*VeeamBackupGlobal*
*com.vmware.Content.Admin*
*BackupTeam*
*CitrixTeamNTX*
*NoCryptoAdmin*
*NoAccess*
*Anonymous*
*View*
*ReadOnly*
*Admin*
*VirtualMachinePowerUser*
*VirtualMachineUser*
*ResourcePoolAdministrator*
*VMwareConsolidatedBackupUser*
*DatastoreConsumer*
*NetworkConsumer*
*VirtualMachineConsoleUser*
*InventoryService.Tagging.TaggingAdmin*
*vRealizeAutomation*
*StorageTeam*
*Console_Access*
*Loginsight*
*Support Assistant service*
*vRealizeBusiness*
You seem to have given the name as Storage, not StorageTeam in the previous example of the error.
Do you also get the error when you give the full name?
It was just an example, but yes, I am using StorageTeam in my script. Either way, I get the error.
This command works fine when I do this: $myrole = Get-VIRole -Server "myvcenter.com" -Name "StorageTeam"
So I know it's pulling the info.
And does it work when you use this $myrole in the New-VIPermission cmdlet on the Role parameter?
Might be an issue with OBN.
I've tried all the parameters by name as well as passing an object; either way, I get the same error.
This is the version of PowerCLI : VMware PowerCLI 6.5 Release 1 build 4624819
In the past I have had issues running commands with different versions, so I'm going to try an older version and see if I get the same issue.
I would in fact suggest to go for the later releases 6.5.x.
They are available from the PS Gallery.
See Updating PowerCLI through the PowerShell Gallery - VMware PowerCLI Blog - VMware Blogs
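A defensive variant of the script discussed in this thread, as an added example that is not from any of the posters: it resolves the role and hosts to objects before calling New-VIPermission, refuses a role that grants more than the built-in ReadOnly role, and lists the resulting permissions for review. The parameter defaults are placeholders, and an existing Connect-VIServer session is assumed.

```powershell
# Added example, not from the thread. Assumes an existing Connect-VIServer session.
# 'DOMAIN\group' and 'StorageTeam' are placeholders for the principal and role.
param(
    [Parameter(Mandatory)] [string] $ClusterName,
    [string] $Principal = 'DOMAIN\group',
    [string] $RoleName  = 'StorageTeam'
)

$ErrorActionPreference = 'Stop'

# Resolve the role once; an unknown name fails here, not inside New-VIPermission.
$role = Get-VIRole -Name $RoleName

# Least-privilege check: a role meant as a ReadOnly clone should carry no
# privileges beyond those of the built-in ReadOnly role.
$baseline = (Get-VIRole -Name 'ReadOnly').PrivilegeList
$extra = @($role.PrivilegeList | Where-Object { $_ -notin $baseline })
if ($extra.Count -gt 0) {
    throw "Role '$RoleName' grants more than ReadOnly: $($extra -join ', ')"
}

$vmHosts = @(Get-Cluster -Name $ClusterName | Get-VMHost)
if ($vmHosts.Count -eq 0) { throw "Cluster '$ClusterName' returned no hosts." }

foreach ($vmHost in $vmHosts) {
    # Skip hosts that already carry this exact assignment so reruns are idempotent.
    # Filtering on EntityId excludes permissions inherited from parent objects.
    $existing = Get-VIPermission -Entity $vmHost | Where-Object {
        $_.Principal -eq $Principal -and $_.Role -eq $role.Name -and $_.EntityId -eq $vmHost.Id
    }
    if ($existing) { continue }

    # Pass the VMHost and Role objects rather than their names.
    New-VIPermission -Entity $vmHost -Principal $Principal -Role $role -Propagate:$true | Out-Null
}

# Report what is now in place on these hosts so the assignment can be reviewed.
Get-VIPermission -Entity $vmHosts |
    Where-Object { $_.Principal -eq $Principal } |
    Select-Object Entity, Principal, Role, Propagate
```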