  • 1.  List of Unused vCenter Roles

    Posted Oct 27, 2020 03:33 AM

    Hi all.

    I'm working on a review of unused vCenter roles in our environment and found this script below.

    Get-VIPermission | Select Role, Principal, Entity, UID | Export-CSV "E:\JCEM\Rights.csv"

    However, it seems that it is only getting the roles that are currently assigned.

    Can anyone help with how I can also pull the roles that are not being used?

    Thanks



  • 2.  RE: List of Unused vCenter Roles
    Best Answer

    Posted Oct 27, 2020 07:58 AM

    You could do something like this

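    # Start with every role defined in vCenter
    $roles = @{}
    Get-VIRole | ForEach-Object -Process {
      $roles.Add($_.Name,'')
    }

    # Remove each role that appears in at least one permission
    Get-VIPermission | ForEach-Object -Process {
      if($roles.ContainsKey($_.Role)){
        $roles.Remove($_.Role)
      }
    }

    # What remains are the roles with no assignments
    $roles.Keys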



  • 3.  RE: List of Unused vCenter Roles

    Posted Oct 28, 2020 12:25 AM

    Thanks LucD, it works!



  • 4.  RE: List of Unused vCenter Roles

    Posted Oct 28, 2020 07:03 AM

    Hi LucD,

    Question: do you have any idea how I can set up a report that will show both in-use and unused roles?



  • 5.  RE: List of Unused vCenter Roles

    Posted Oct 28, 2020 08:43 AM

    Try like this

    # Mark every role defined in vCenter as not used
    $roles = @{}
    Get-VIRole | ForEach-Object -Process {
      $roles.Add($_.Name,'NotUsed')
    }

    # Flip a role to used when any permission references it
    Get-VIPermission | ForEach-Object -Process {
      if($roles.ContainsKey($_.Role)){
        $roles.Item($_.Role) = 'Used'
      }
    }

    Write-Host "Not Used roles`n"
    $roles.GetEnumerator().where{$_.Value -eq 'NotUsed'}.Name

    Write-Host "`nUsed roles`n"
    $roles.GetEnumerator().where{$_.Value -eq 'Used'}.Name
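
The used/unused listing above, extended into a one-row-per-role report that can be exported to CSV for an access review. This is an added example, not code posted by anyone in the thread; `Get-RoleUsageReport`, the sample role and principal names, and the output file name are assumptions, and the sample objects are constructed stand-ins for `Get-VIRole` and `Get-VIPermission` output.

```powershell
# Added example. Get-RoleUsageReport is a hypothetical helper name.
function Get-RoleUsageReport {
    param(
        [Parameter(Mandatory)] [object[]] $Roles,   # output of Get-VIRole
        [object[]] $Permissions = @()               # output of Get-VIPermission
    )
    # Index permissions by role name so each role is looked up once.
    $byRole = @{}
    foreach ($p in $Permissions) {
        if (-not $byRole.ContainsKey($p.Role)) {
            $byRole[$p.Role] = [System.Collections.Generic.List[object]]::new()
        }
        $byRole[$p.Role].Add($p)
    }
    foreach ($r in $Roles) {
        $assigned = @()
        if ($byRole.ContainsKey($r.Name)) { $assigned = @($byRole[$r.Name]) }
        [pscustomobject]@{
            Role        = $r.Name
            IsSystem    = $r.IsSystem   # built-in roles are flagged separately from custom ones
            Status      = if ($assigned.Count) { 'Used' } else { 'NotUsed' }
            Assignments = $assigned.Count
            Principals  = @($assigned | ForEach-Object Principal | Sort-Object -Unique) -join '; '
        }
    }
}

# Constructed sample data standing in for Get-VIRole / Get-VIPermission output.
$sampleRoles = @(
    [pscustomobject]@{ Name = 'Admin';          IsSystem = $true  }
    [pscustomobject]@{ Name = 'ReadOnly';       IsSystem = $true  }
    [pscustomobject]@{ Name = 'BackupOperator'; IsSystem = $false }
    [pscustomobject]@{ Name = 'LegacyDeploy';   IsSystem = $false }
)
$samplePerms = @(
    [pscustomobject]@{ Role = 'Admin';          Principal = 'EXAMPLE\vc-admins'; Entity = 'Datacenters' }
    [pscustomobject]@{ Role = 'BackupOperator'; Principal = 'EXAMPLE\svc-backup'; Entity = 'Cluster01' }
    [pscustomobject]@{ Role = 'BackupOperator'; Principal = 'EXAMPLE\svc-backup'; Entity = 'Cluster02' }
)
Get-RoleUsageReport -Roles $sampleRoles -Permissions $samplePerms | Format-Table -AutoSize

# Against a live connection (after Connect-VIServer):
# Get-RoleUsageReport -Roles (Get-VIRole) -Permissions (Get-VIPermission) |
#     Export-Csv -Path .\RoleUsage.csv -NoTypeInformation
```

With the sample data, `ReadOnly` and `LegacyDeploy` come back as `NotUsed`; filtering the report on `Status -eq 'NotUsed' -and -not IsSystem` leaves only the custom roles with no assignments.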



  • 6.  RE: List of Unused vCenter Roles

    Posted Oct 29, 2020 03:35 AM

    Thanks LucD for the help!