Hi all.
I'm working on a review of unused vCenter roles in our environment and found this script below.
Get-VIPermission | Select Role, Principal, Entity, UID | Export-CSV “E:\JCEM\Rights.csv”
However, it seems that it only getting the roles that are currently assigned.
Can anyone help how can I also pull the roles that are not being used?
Thanks
You could do something like this
Get-VIRole | ForEach-Object -Process {
$roles.Add($_.Name,'')
}
Get-VIPermission | ForEach-Object -Process {
if($roles.ContainsKey($_.Role)){
$roles.Remove($_.Role)
}
}
$roles.Keys
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
You could do something like this
Get-VIRole | ForEach-Object -Process {
$roles.Add($_.Name,'')
}
Get-VIPermission | ForEach-Object -Process {
if($roles.ContainsKey($_.Role)){
$roles.Remove($_.Role)
}
}
$roles.Keys
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks LucD it works!
Hi LucD,
Question, do you have idea how can I setup a report that will show both in used and unused roles?
Try like this
Get-VIRole | ForEach-Object -Process {
$roles.Add($_.Name,'NotUsed')
}
Get-VIPermission | ForEach-Object -Process {
if($roles.ContainsKey($_.Role)){
$roles.Item($_.Role) = 'Used'
}
}
Write-Host "Not Used roles`n"
$roles.GetEnumerator().where{$_.Value -eq 'NotUsed'}.Name
Write-Host "`nUsed roles`n"
$roles.GetEnumerator().where{$_.Value -eq 'Used'}.Name
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks LucD for the help!