VMware Cloud Community
xofox
Contributor

Individual permissions on Esx resources (networks/portgroup, datastore/directory,...) from a list of AD/UO/users [Fr]

Hi,

I have been searching the net for a long time for this.

I need to find a script solution to modify ESX resources from an Active Directory list of users.

For example, in my AD: UO=Group1, users look like USER001, USER002,...

In my ESX, I have different personal network directories: USER001, USER002,..., which contain personal VLANs.

I would like to script this: only USER001 gets permission for Network/USER001 (and administrators of course, but that's already done).

Then, USER002 is granted only on his Network/USER002 and nobody else (except admin again...).

And I need to do the same for the personal storage (in datastore).

I hope my English was good enough to be understood.

I work on both VMware 5.5u2 and 6.7.

Thanks for your help.

0 Kudos
2 Replies
LucD
Leadership

I assume that your input file is a CSV file with a single column, named User.
The users are assumed to be entered in the format <domain>\<user>.
Then you could do

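# Role names as Get-VIRole returns them: 'Admin' is the Administrator role,
# 'NoAccess' is the No Access role
$role = 'Admin'

foreach($row in (Import-Csv -Path .\users.csv -UseCulture)){
    # Split <domain>\<user> into its two parts
    $domain,$user = $row.User.Split('\')

    # Personal portgroup: grant the owner, block everyone else
    $pg = Get-VirtualPortGroup -Name "Network/$user"
    New-VIPermission -Entity $pg -Principal $row.User -Role $role -Confirm:$false
    New-VIPermission -Entity $pg -Principal "$domain\Everyone" -Role 'NoAccess' -Confirm:$false

    # Personal datastore: same pattern
    $ds = Get-Datastore -Name "Datastore/$user"
    New-VIPermission -Entity $ds -Principal $row.User -Role $role -Confirm:$false
    New-VIPermission -Entity $ds -Principal "$domain\Everyone" -Role 'NoAccess' -Confirm:$false
}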


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
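An added example, not part of the reply above or of any VMware code: a check that the permission entries on each user's network and datastore objects match the per-user isolation asked for in the question. The function name `Test-UserIsolation`, the `LAB` domain, the `vc-admins` group, the role values and the sample records are constructed for illustration; on a live system the records would be built from `Get-VIPermission` output.

```powershell
# Added example: audit per-user isolation from permission records.
# Each record carries the entity name, the principal and the role.
function Test-UserIsolation {
    param(
        [string[]]$Users,            # <domain>\<user> values, as in users.csv
        [object[]]$Permissions,      # records with Entity, Principal, Role
        [string[]]$AdminPrincipals,  # principals expected on every object (assumption)
        [string]$ExpectedRole,       # role the owner should hold
        [string]$DenyRole            # role used for the blocking entries
    )
    foreach ($u in $Users) {
        $name = $u.Split('\')[1]
        foreach ($entity in @("Network/$name", "Datastore/$name")) {
            $onEntity = @($Permissions | Where-Object { $_.Entity -eq $entity })

            # The owner must hold a real grant, not only a blocking entry
            $own = @($onEntity | Where-Object { $_.Principal -eq $u -and $_.Role -ne $DenyRole })
            if ($own.Count -eq 0) {
                [pscustomobject]@{ Entity = $entity; Principal = $u; Finding = 'MissingGrant' }
            }

            foreach ($p in $onEntity) {
                if ($p.Role -eq $DenyRole) { continue }                    # grants nothing
                if ($AdminPrincipals -contains $p.Principal) { continue }  # expected everywhere
                $finding = if ($p.Principal -ne $u) { 'ForeignPrincipal' } elseif ($p.Role -ne $ExpectedRole) { 'UnexpectedRole' }
                if ($finding) {
                    [pscustomobject]@{ Entity = $entity; Principal = $p.Principal; Finding = $finding }
                }
            }
        }
    }
}

# Constructed sample records (not taken from a real system)
$sample = @(
    [pscustomobject]@{ Entity = 'Network/USER001';   Principal = 'LAB\USER001';   Role = 'Admin' }
    [pscustomobject]@{ Entity = 'Network/USER001';   Principal = 'LAB\USER002';   Role = 'ReadOnly' }  # drift
    [pscustomobject]@{ Entity = 'Network/USER001';   Principal = 'LAB\Everyone';  Role = 'NoAccess' }
    [pscustomobject]@{ Entity = 'Datastore/USER001'; Principal = 'LAB\USER001';   Role = 'Admin' }
    [pscustomobject]@{ Entity = 'Network/USER002';   Principal = 'LAB\USER002';   Role = 'Admin' }
    [pscustomobject]@{ Entity = 'Network/USER002';   Principal = 'LAB\vc-admins'; Role = 'Admin' }
    # Datastore/USER002 has no entry for its owner
)

Test-UserIsolation -Users 'LAB\USER001', 'LAB\USER002' -Permissions $sample `
    -AdminPrincipals 'LAB\vc-admins' -ExpectedRole 'Admin' -DenyRole 'NoAccess' |
    Format-Table -AutoSize
```

The check only compares entries set directly on the named objects; permissions propagated from parent folders or the datacenter need the same review.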
xofox
Contributor

Thanks a lot, I'm going to try it ASAP. I think you gave me a very good path to get to my point; at least, I understand what's written and the approach.

And yes, my input file would be a CSV one.

0 Kudos