VMware Cloud Community
emcclure
Enthusiast

Is there a script or command to get a list of who is assigned to what in vCenter?

Hello,

I've been asked to get a list of users who are assigned to certain objects in vCenter.  Problem is of course that we have a lot of objects.  What I'd like is a script that can look at the permissions that are assigned from the top down and then sort from there.  So if all these users are in the datacenter and everything below inherits them it skips that info for me.  But if a folder in that datacenter has a user that's not inherited it lets me know, but parsing out the info, so I'm not looking at thousands of folders to figure out the info.  Possible?  Pipe dream?

LucD
Leadership

Isn't the following doing that?
Or do you mean something else?

Get-VIPermission | select Principal,Entity,Role


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

emcclure
Enthusiast

So we have our team that's assigned at the vCenter/Datacenter level and I'm not concerned about those guys.  But on occasion it seems we need to grant permission to someone outside of our team to a particular folder or set of folders.  Since I'm not the only one who's doing this and the folders change quite often with automation I'd like a way to run something that can give me an output somehow who's assigned to any particular folder.  If it's one of a certain handful of people on my team it's excluded from the search since we know they have permission to everything.  But if it's someone from outside of that I'll know the folder they have access to, the permissions, etc.

LucD
Leadership

Something like this?
Note that this does not list inherited permissions on the folder.

$excluded = 'domain\user1','domain\user2'

Get-Folder -Name MyFolder | Get-VIPermission |
    where{$excluded -notcontains $_.Principal}

emcclure
Enthusiast

That seems to work really well.  Is it somehow possible for it to scan the sub folders in a folder?  We have a lot of folders under one particular folder and it'd be a hassle to try to scan them individually, especially as they can change.  If this is possible will it only show folders that have people who aren't in my exclusion list, or will it list every folder anyway?  It'd be great if it only showed folders that had permissions from users who aren't in that exclusion list.

LucD
Leadership

Try something like this.
Note that it currently only looks at VM-type folders.

$folderName = 'MyFolder'

Get-Inventory -Location (Get-Folder -Name $folderName) -PipelineVariable folder |
    where { $folder.IsChildTypeVm } |
    Get-VIPermission |
    where { $_.EntityId -eq $folder.Id } |
    select Entity, Principal, Role

emcclure
Enthusiast

Hmm it acts like it's working, but I'm getting this:

WARNING: The 'IsChildTypeVm' property of the Folder type is deprecated. Use the Type property instead.

Get-VIPermission : 8/23/2019 2:30:35 PM Get-VIPermission                The object 'vim.Folder:group-v1391676' has already been deleted or has not been completely created
At C:\GetFolderPermissions.ps1:48 char:112
+ ... able folder | where{$folder.IsChildTypeVm} | Get-VIPermission | where ...
+                                                  ~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-VIPermission], ManagedObjectNotFound
    + FullyQualifiedErrorId : Client20_InventoryServiceImpl_GetPermission_VIError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.GetVIPermission

The line in question is this:

Get-Inventory -Location (Get-Folder -Name $myfolder) -PipelineVariable folder | where{$folder.IsChildTypeVm} | Get-VIPermission | where{$_.EntityId -eq $folder.Id} | select Entity,Principal,Role

LucD
Leadership

The message about the IsChildTypeVM is a warning about a possible future deprecation, and can be ignored for now.

The error is for one specific folder (Id = group-v1391676). Can you check with

Get-Folder | Select Name,Id

which folder it is, and what the problem with it might be?

emcclure
Enthusiast

Hmm I ran that, but nothing comes up for that or another one I got an error on.  It's possible our automation is either building or deleting those folders, so maybe that's why I'm seeing the issue?

LucD
Leadership

Could be.
You could check Task and/or Events to see if any folders were manipulated while you ran the script.

emcclure
Enthusiast

Yeah it looks like there's a lot of stuff running while this is going on.  Folders being deleted, created, all kinds of fun stuff.  I'll probably go back to the previous code and force users to specify the folder since there's too much going on.

0 Kudos
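
Added example, not part of any post in this thread and not LucD's code: one way to keep the sub-folder scan while tolerating folders that automation deletes mid-run, reporting only folders with explicit permissions for principals outside the exclusion list. The function name Get-OutsiderFolderPermission, its -Lookup parameter, and the sample folders and principals are hypothetical and constructed so the filter can be run without a vCenter.

```powershell
function Get-OutsiderFolderPermission {
    param(
        [Parameter(Mandatory)] [object[]] $Folder,
        [string[]] $Excluded = @(),
        # Assumption: the default lookup is the live PowerCLI call; -Lookup is a
        # hypothetical hook so the filter can be exercised without a vCenter.
        [scriptblock] $Lookup = { param($f) Get-VIPermission -Entity $f -ErrorAction Stop }
    )
    foreach ($f in $Folder) {
        try {
            $perms = @(& $Lookup $f)
        }
        catch {
            # A folder removed between enumeration and lookup (the
            # ManagedObjectNotFound error in the thread) is skipped, not fatal.
            Write-Warning "Skipped $($f.Name) [$($f.Id)]: $($_.Exception.Message)"
            continue
        }
        # Keep only permissions set on this folder itself, by principals
        # outside the exclusion list (-notcontains is case-insensitive).
        $perms |
            Where-Object { $_.EntityId -eq $f.Id -and $Excluded -notcontains $_.Principal } |
            Select-Object @{ N = 'Folder'; E = { $f.Name } }, Principal, Role, Propagate
    }
}

# Constructed sample data standing in for Get-Folder / Get-VIPermission output.
$folders = @(
    [pscustomobject]@{ Name = 'Build';   Id = 'Folder-group-v101' }
    [pscustomobject]@{ Name = 'Scratch'; Id = 'Folder-group-v102' }  # deleted mid-scan
    [pscustomobject]@{ Name = 'QA';      Id = 'Folder-group-v103' }
)
$samplePerms = @(
    [pscustomobject]@{ EntityId = 'Folder-group-v101'; Principal = 'DOMAIN\user1';      Role = 'Admin';    Propagate = $true }
    [pscustomobject]@{ EntityId = 'Folder-group-v101'; Principal = 'DOMAIN\contractor'; Role = 'ReadOnly'; Propagate = $true }
    [pscustomobject]@{ EntityId = 'Folder-group-v103'; Principal = 'DOMAIN\user2';      Role = 'Admin';    Propagate = $true }
)
$lookup = {
    param($f)
    if ($f.Name -eq 'Scratch') { throw 'object has already been deleted' }
    $samplePerms | Where-Object { $_.EntityId -eq $f.Id }
}

$team = 'domain\user1', 'domain\user2'
Get-OutsiderFolderPermission -Folder $folders -Excluded $team -Lookup $lookup

# Against a connected vCenter (Connect-VIServer), omit -Lookup:
# Get-OutsiderFolderPermission -Excluded $team `
#     -Folder (Get-Folder -Location (Get-Folder -Name 'MyFolder') -Type VM)
```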