crosen
Contributor
Contributor

Determine VIC Acess by VM

I am migrating from local accounts/groups access for vCenter to an AD domain. Without manually checking each VM's group assoicated with it and creating in AD, I'd like to automate as much as possible.

1 - A script to list the VM and the group that has VIC access to it.

2 - Query the vCenter server to get the list of users that are in that group.

3 - I'm OK with manually checking the domain to see if the account exists, then creating accounts/groups as necessary, and finally assigning the VIC access for the new group.

Also open to any suggesstions on how anyone else has handled this. Thanks.

0 Kudos
3 Replies
MartinAmaro
Expert
Expert

Can you explain your need to delegate permissions?

VCenter had roles (Administrator, virtual machine power user, etc) with defined permissions you can use.

If you need different roles you can create your own.

Once you created the necessary roles then you apply them to vcenter resources at the farm-level Host-level, VMlevel, DataStore -level etc using AD Groups.

if you want to export the permissions you can find the script here

http://www.virtu-al.net/2009/06/15/vsphere-permissions-export-import-part-1/

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful.
0 Kudos
crosen
Contributor
Contributor

I only want groups to see the VMs that they own. Each group has read only on the folder without propagation and then the ability to manage (power on/off, snapshots) to their individual VMs.

0 Kudos
crosen
Contributor
Contributor

Still an open issue. Has anyone gone through a similar exercise - either manually or scripted? Thanks.

0 Kudos