I am working on a larger script that includes a function to pull permissions from a datacenter. At present I am using this:
...
#Get all DataCenter level Permissions
Get-VIPermission -Entity $sDC |
Export-Clixml $sDir\DC_Permissions.xml
...
This works, but it pulls all permissions, including those set at the parent. I then have to do some massaging when I import this datacenter into another vCenter to cut those propagated items out, or do a SilentlyContinue. Just curious if there is an easy way to tell it to grab from the Datacenter only those permissions that are defined on that object. I have been reading through the Get-VIPermission documentation and Googling, but haven't stumbled across a way yet.
The Get-VIPermission cmdlet always returns the inherited permissions as well.
You'll have to revert to the API RetrieveEntityPermissions method to avoid getting the inherited permissions.
Something like this for example
$dcName = 'MyDC'
$authMgr = Get-View AuthorizationManager
$dc = Get-Datacenter -Name $dcName
$inherited = $false
$authMgr.RetrieveEntityPermissions($folder.ExtensionData.MoRef,$inherited)
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks for the suggestion, I was unaware of that method. This is what I am trying then:
$dcName = 'DPI'
Connect-VIServer -Server "myserver" -User "Administrator@LC.Local" -Password "MyPW"
$authMgr = Get-View AuthorizationManager
$dc = Get-Datacenter -Name $dcName
$inherited = $false
$authMgr.RetrieveEntityPermissions($folder.ExtensionData.MoRef,$inherited)
Disconnect-VIServer -Server "myserver" -Confirm:$false
And am getting this error. It appears like it is looking for another parameter:
Exception calling "RetrieveEntityPermissions" with "2" argument(s): "
Required parameter entity is missing
while parsing call information for method RetrieveEntityPermissions
at line 1, column 171
while parsing SOAP body
at line 1, column 64
while parsing SOAP envelope
at line 1, column 0
while parsing HTTP request for method retrieveEntityPermissions
on object of type vim.AuthorizationManager
at line 1, column 0"
At line:10 char:1
+ $authMgr.RetrieveEntityPermissions($folder.ExtensionData.MoRef,$inherited)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : VimException
You will have to change line 7.
The first parameter is the MoRef for the entity for which you want to retrieve the permissions.
That should be
$authMgr.RetrieveEntityPermissions($dc.ExtensionData.MoRef,$inherited)
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
You are awesome as usual, thanks for the help!
Ok, so I lied. I thought I had the structure down, it works for both the datacenter and cluster level. But I cannot seem to get it to work for folder level. If I know the folder name it works, i.e.:
...vCenter connection
$folder = Get-Folder MDC
$authMgr.RetrieveEntityPermissions($folder.ExtensionData.MoRef,$inherited) |
Export-Clixml C:\Users\Administrator\Desktop\Output.xml
...
But I haven't found an elegant way to grab all the folders from the cluster, get the object-level permissions and then output to a single xml. After mucking about for a while, I came up with this:
$folders = $dc | Get-Folder
foreach ($item in $folders) {
    $name = Get-Folder $item.Name
    $authMgr.RetrieveEntityPermissions($name.ExtensionData.MoRef,$inherited) |
        Export-Clixml C:\Users\Administrator\Desktop\$name.xml
}
It works, outputs the xml files, but I know it is horribly redundant with the double call to Get-Folder. It also produces an error for each folder, even though I get the output I desire:
Cannot convert argument "entity", with value: "System.Object[]", for "RetrieveEntityPermissions" to type "VMware.Vim.ManagedObjectReference": "Cannot convert the
"System.Object[]" value of type "System.Object[]" to type "VMware.Vim.ManagedObjectReference"."
At line:20 char:9
+ $authMgr.RetrieveEntityPermissions($name.ExtensionData.MoRef,$inherited) ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodException
+ FullyQualifiedErrorId : MethodArgumentConversionInvalidCastArgument
Try like this
$dcName = 'MDC'
Connect-VIServer -Server "myserver" -User "Administrator@LC.Local" -Password "MyPW"
$authMgr = Get-View AuthorizationManager
$dc = Get-Datacenter -Name $dcName
$inherited = $false
$report = foreach($folder in (Get-Folder -Location $dc)){
    $authMgr.RetrieveEntityPermissions($folder.ExtensionData.MoRef,$inherited) |
        Select @{N='Folder';E={$folder.Name}},
            Principal,Group,RoleId,Propagate
}
$report | Export-Clixml C:\Users\Administrator\Desktop\Output.xml
Disconnect-VIServer -Server "myserver" -Confirm:$false
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
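An added example, not code from any poster in this thread: it generalizes the final answer to the datacenter, its clusters and its folders in one pass, handing each inventory object straight to RetrieveEntityPermissions so the call always receives a single MoRef rather than the array a name lookup can return. It also records the role name next to RoleId, taken from the AuthorizationManager RoleList, because custom-role IDs are assigned per vCenter and may not match on the import side. Assumptions: an existing Connect-VIServer session, the hypothetical helper name Get-ExplicitPermission, and the output path in $outFile.

```powershell
# Added example. Get-ExplicitPermission is a hypothetical helper, not a PowerCLI cmdlet.
# Assumes a vCenter session is already open (Connect-VIServer).
function Get-ExplicitPermission {
    [CmdletBinding()]
    param(
        # Any inventory object that exposes ExtensionData (datacenter, cluster, folder)
        [Parameter(Mandatory, ValueFromPipeline)]
        $Entity
    )
    begin {
        $authMgr = Get-View AuthorizationManager
        # Build a RoleId -> role name lookup once per pipeline run
        $roleName = @{}
        foreach ($role in $authMgr.RoleList) { $roleName[$role.RoleId] = $role.Name }
    }
    process {
        $moRef = $Entity.ExtensionData.MoRef
        # Second argument $false: only permissions defined on this object, none inherited
        foreach ($perm in $authMgr.RetrieveEntityPermissions($moRef, $false)) {
            [pscustomobject]@{
                EntityType = $moRef.Type
                Entity     = $Entity.Name
                MoRef      = $moRef.Value   # disambiguates folders that share a name
                Principal  = $perm.Principal
                Group      = $perm.Group
                RoleId     = $perm.RoleId
                RoleName   = $roleName[$perm.RoleId]
                Propagate  = $perm.Propagate
            }
        }
    }
}

$dc      = Get-Datacenter -Name 'MyDC'
$outFile = Join-Path $env:TEMP 'DC_ExplicitPermissions.xml'   # assumed output location

# Datacenter, its clusters and its folders, all written to a single file
$targets = @($dc) + @(Get-Cluster -Location $dc) + @(Get-Folder -Location $dc)
$targets | Get-ExplicitPermission | Export-Clixml $outFile
```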