Solved: How to set system.view and system.anonymous

odiaz_iisl · ‎03-05-2009

I'm installing a backup software and it claims that the backup operator needs to have system.view and system.anonymous priviliges (among others). I am in the VC and can not find these privileges anywhere. I've searched all over the web and Vmware communities and I find lots of referneces to it but nowhere have I found how this gets set. Where/how do you assign these privileges?

LucD · ‎03-06-2009

You are right, the privilege group System is not visible in the VC.

These privileges are used "... to read certain properties of certain managed objects" according to the SDK Programming Guide on p 154.

That explains why they are not visible in the VC.

On the other hand all of the predefined roles in the VI contain the three System privileges (Anonymous, Read and View).

If you create a new role in the VC the three System privileges are automatically added to the privileges.

The following script allows you to create a list of roles and their privileges.

$report =@()

$authMgr = Get-View AuthorizationManager
foreach($role in $authMgr.RoleList){
foreach($priv in $role.Privilege){
  $row = "" | Select RoleName, Label, RoleId, Privilege
  $row.RoleName = $role.Name
  $row.Label = $role.Info.Label
  $row.RoleId = $role.RoleId
  $row.Privilege = $priv
  $report += $row
  }
}

$report | Export-Csv -path "c:/Temp/RolesPrivileges.csv" -noTypeInformation

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

View solution in original post

LucD · ‎03-05-2009

Have a look at , it contains a script that will list all privileges.

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

odiaz_iisl · ‎03-05-2009

Thank you for responding; from reading that thread, it looks like you need a windows Power shell program written with the VI SDK. Isn't there any other way to check to see if these priviliges are set or to set them on the esx servers or through VC? I don't know much about power shell and I don't have the SDK available at this customer.

LucD · ‎03-05-2009

The SDK isn't a separate product that needs to be installed.

When you have the VI, you can access the objects and methods of the SDK.

Bwt, privileges, roles and permission are set on the VC.

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

odiaz_iisl · ‎03-06-2009

Thank you again. The problem I am having is that the priviliges system.view and system.anonymous are not available form the VC. At least not from what I've seen and read over the past 24 hopurs.

LucD · ‎03-06-2009

You are right, the privilege group System is not visible in the VC.

These privileges are used "... to read certain properties of certain managed objects" according to the SDK Programming Guide on p 154.

That explains why they are not visible in the VC.

On the other hand all of the predefined roles in the VI contain the three System privileges (Anonymous, Read and View).

If you create a new role in the VC the three System privileges are automatically added to the privileges.

The following script allows you to create a list of roles and their privileges.

$report =@()

$authMgr = Get-View AuthorizationManager
foreach($role in $authMgr.RoleList){
foreach($priv in $role.Privilege){
  $row = "" | Select RoleName, Label, RoleId, Privilege
  $row.RoleName = $role.Name
  $row.Label = $role.Info.Label
  $row.RoleId = $role.RoleId
  $row.Privilege = $priv
  $report += $row
  }
}

$report | Export-Csv -path "c:/Temp/RolesPrivileges.csv" -noTypeInformation

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

odiaz_iisl · ‎03-06-2009

Thank you so very much, that was the information we were looking for. I kind of suspected that and I just wanted to verify but without the SDK there was no way of doing that. I really need to learn how to use the SDK. I downloaded power shell and the SDK last night but I did not have access to my customer's environment. I have a dev environment in our office so I am going to have to do some learning .

All

How to set system.view and system.anonymous