Thank you for the quick reply LucD. Here are the scripts I am using:
###Export###
# Folder that receives the exported XML. The trailing backslash matters:
# the file name is appended to this string without adding a separator.
$outputdir = 'C:\Support\Roles\'
# Shared XML document used by the helper functions; starts as an empty <Inventory> root.
$global:vInventory = [xml]'<Inventory></Inventory>'
# Functions
# Creates an element named $nodeName in the shared $global:vInventory document,
# appends it as the last child of $node and emits the appended element.
function New-XmlNode{
  param(
    $node,
    $nodeName
  )
  # The element is created by the document that will own it.
  $child = $global:vInventory.CreateElement($nodeName)
  # AppendChild hands back the appended node; returning it gives callers the new element.
  return $node.AppendChild($child)
}
# Sets attribute $name to $value on the XML element $node.
# Produces no pipeline output.
function Set-XmlAttribute{
  param(
    $node,
    $name,
    $value
  )
  $node.SetAttribute($name, $value)
}
# Evaluates the XPath expression $path against the shared $global:vInventory
# document and emits every matching node.
function Get-XmlNode{
  param(
    $path
  )
  return $global:vInventory.SelectNodes($path)
}
# Reads the role list from the AuthorizationManager view and emits one PSObject
# per role with the properties Name, Label, Summary, RoleId, System and Privilege.
# Takes no parameters. Get-View presumably needs an active vCenter session - confirm.
function Get-Roles{
  begin{
    $authMgr = Get-View AuthorizationManager
    $report = @()
  }
  process{
    foreach($role in $authMgr.roleList){
      # Copy the fields of interest into a flat object, one note property each.
      $row = New-Object PSObject
      Add-Member -InputObject $row -MemberType NoteProperty -Name "Name" -Value $role.name
      Add-Member -InputObject $row -MemberType NoteProperty -Name "Label" -Value $role.info.label
      Add-Member -InputObject $row -MemberType NoteProperty -Name "Summary" -Value $role.info.summary
      Add-Member -InputObject $row -MemberType NoteProperty -Name "RoleId" -Value $role.roleId
      Add-Member -InputObject $row -MemberType NoteProperty -Name "System" -Value $role.system
      Add-Member -InputObject $row -MemberType NoteProperty -Name "Privilege" -Value $role.privilege
      $report += $row
    }
  }
  end{
    return $report
  }
}
# Emits one PSObject per permission returned by RetrieveAllPermissions(), with
# the properties Entity (name), EntityType, Group, Principal, Propagate and Role.
# Role ids are translated to role names through a lookup built from RoleList.
function Get-Permissions
{
  begin{
    $report = @()
    $authMgr = Get-View AuthorizationManager
    # role id -> role name
    $roleHash = @{}
    $authMgr.RoleList | ForEach-Object {
      $roleHash[$_.RoleId] = $_.Name
    }
  }
  process{
    $perms = $authMgr.RetrieveAllPermissions()
    foreach($perm in $perms){
      $row = New-Object PSObject
      # Resolve the entity reference to a view so its name and type can be recorded.
      $entity = Get-View $perm.Entity
      Add-Member -InputObject $row -MemberType NoteProperty -Name "Entity" -Value $entity.Name
      Add-Member -InputObject $row -MemberType NoteProperty -Name "EntityType" -Value $entity.gettype().Name
      Add-Member -InputObject $row -MemberType NoteProperty -Name "Group" -Value $perm.Group
      Add-Member -InputObject $row -MemberType NoteProperty -Name "Principal" -Value $perm.Principal
      Add-Member -InputObject $row -MemberType NoteProperty -Name "Propagate" -Value $perm.Propagate
      Add-Member -InputObject $row -MemberType NoteProperty -Name "Role" -Value $roleHash[$perm.RoleId]
      $report += $row
    }
  }
  end{
    return $report
  }
}
# Start from a skeleton that already holds the two containers filled in below.
$global:vInventory = [xml]'<Inventory><Roles/><Permissions/></Inventory>'
# Main
# Roles: one <Role> element per role whose System flag is not set, with one
# <Privilege> child per privilege id.
$XMLRoles = Get-XmlNode 'Inventory/Roles'
Get-Roles | Where-Object { -not $_.System } | ForEach-Object {
  $role = $_
  $XMLRole = New-XmlNode $XMLRoles 'Role'
  Set-XmlAttribute $XMLRole 'Name' $role.Name
  Set-XmlAttribute $XMLRole 'Label' $role.Label
  Set-XmlAttribute $XMLRole 'Summary' $role.Summary
  $role.Privilege | ForEach-Object {
    $XMLPrivilege = New-XmlNode $XMLRole 'Privilege'
    Set-XmlAttribute $XMLPrivilege 'Name' $_
  }
}
# Permissions: one <Permission> element per entry returned by Get-Permissions.
$XMLPermissions = Get-XmlNode 'Inventory/Permissions'
Get-Permissions | ForEach-Object {
  $entry = $_
  $XMLPerm = New-XmlNode $XMLPermissions 'Permission'
  Set-XmlAttribute $XMLPerm 'Entity' $entry.Entity
  Set-XmlAttribute $XMLPerm 'EntityType' $entry.EntityType
  Set-XmlAttribute $XMLPerm 'Group' $entry.Group
  Set-XmlAttribute $XMLPerm 'Principal' $entry.Principal
  Set-XmlAttribute $XMLPerm 'Propagate' $entry.Propagate
  Set-XmlAttribute $XMLPerm 'Role' $entry.Role
}
# Create XML file.
# The file records every principal, the entity it holds rights on, and the
# privileges of each exported role, and the import script recreates roles and
# permissions from whatever it contains - keep the folder readable and writable
# by vCenter administrators only.
$exportPath = $outputdir + 'vcenter.xml'
$global:vInventory.Save($exportPath)
###Import###
# Functions
# Creates an authorization role called $name carrying the privilege ids in
# $privIds and returns the value handed back by AddAuthorizationRole.
# $authMgr is not a parameter; it is looked up in the calling scope at run time,
# so the AuthorizationManager view must be assigned before this is called.
function New-Role
{
  param(
    $name,
    $privIds
  )
  Begin{}
  Process{
    $createdId = $authMgr.AddAuthorizationRole($name, $privIds)
  }
  End{
    return $createdId
  }
}
# Applies a single permission to one managed entity by calling
# SetEntityPermissions on $authMgr with the entity's MoRef.
# $authMgr is taken from the calling scope. Nothing is returned.
function Set-Permission
{
  param(
    [VMware.Vim.ManagedEntity]$object,
    [VMware.Vim.Permission]$permission
  )
  Begin{}
  Process{
    # The API takes an array of permissions; the call's result is discarded.
    $null = $authMgr.SetEntityPermissions($object.MoRef, @($permission))
  }
  End{
    return
  }
}
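# Main
# The XML file is the only input that decides which roles get created and which
# principal is granted which role on which entity. Keep it where only vCenter
# administrators can write, and check its content before importing.
# Create hash table with the current roles (role name -> role id)
$authMgr = Get-View AuthorizationManager
$roleHash = @{}
$authMgr.RoleList | % {
  $roleHash[$_.Name] = $_.RoleId
}
# Read XML file
$XMLfile = "C:\Support\Roles\vcenter.xml"
$vInventory = [xml]"<dummy/>"
# The export contains no DTD or external entities, so none should be resolved on load.
$vInventory.XmlResolver = $null
$vInventory.Load($XMLfile)
# Define Xpaths for the roles and the permissions
$XpathRoles = "Inventory/Roles/Role"
$XpathPermissions = "Inventory/Permissions/Permission"
# Create custom roles
# A role whose name already exists is reused as it is; its privileges are not
# compared with the ones listed in the file.
$vInventory.SelectNodes($XpathRoles) | % {
  if(-not $roleHash.ContainsKey($_.Name)){
    # SelectNodes yields nothing for a role without <Privilege> children, so the
    # array stays empty instead of receiving a single $null entry.
    $privArray = @($_.SelectNodes("Privilege") | % { $_.Name })
    $roleHash[$_.Name] = (New-Role $_.Name $privArray)
  }
}
# Set permissions
$vInventory.SelectNodes($XpathPermissions) | % {
  $permNode = $_
  if(-not $roleHash.ContainsKey([string]$permNode.Role)){
    # Without a matching role there is no valid role id to assign.
    Write-Warning ("Skipping permission for '" + $permNode.Principal + "' on '" + $permNode.Entity + "': role '" + $permNode.Role + "' does not exist.")
  }
  else{
    $perm = New-Object VMware.Vim.Permission
    # Attribute values are strings; -eq compares them case-insensitively.
    $perm.group = ($permNode.Group -eq "true")
    $perm.principal = $permNode.Principal
    $perm.propagate = ($permNode.Propagate -eq "true")
    $perm.roleId = $roleHash[$permNode.Role]
    # The name filter is a regular expression, so the whole name is escaped:
    # an unescaped "." (common in host names) matches any character and could
    # select a different object, and "+", "*", "?" or "|" would change the match.
    $namePattern = "^" + [regex]::Escape([string]$permNode.Entity) + "$"
    $found = @(Get-View -ViewType $permNode.EntityType -Filter @{"Name"=$namePattern})
    if($found.Count -eq 1){
      Set-Permission $found[0] $perm
    }
    else{
      # Names are not unique across folders or datacenters; granting rights on a
      # guess is worse than skipping, so report the entry for manual handling.
      Write-Warning ("Skipping permission for '" + $permNode.Principal + "': " + $found.Count + " " + $permNode.EntityType + " objects are named '" + $permNode.Entity + "'.")
    }
  }
}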