Solved: Re: List of Unused vCenter Roles

fourpixels · ‎10-26-2020

Hi all.

I'm working on a review of unused vCenter roles in our environment and found this script below.

Get-VIPermission | Select Role, Principal, Entity, UID | Export-CSV “E:\JCEM\Rights.csv”

However, it seems that it only getting the roles that are currently assigned.

Can anyone help how can I also pull the roles that are not being used?

Thanks

LucD · ‎10-27-2020

You could do something like this

$roles = @{}

Get-VIRole | ForEach-Object -Process {

$roles.Add($_.Name,'')

}

Get-VIPermission | ForEach-Object -Process {

if($roles.ContainsKey($_.Role)){

$roles.Remove($_.Role)

}

$roles.Keys

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

View solution in original post

LucD · ‎10-27-2020

You could do something like this

$roles = @{}

Get-VIRole | ForEach-Object -Process {

$roles.Add($_.Name,'')

}

Get-VIPermission | ForEach-Object -Process {

if($roles.ContainsKey($_.Role)){

$roles.Remove($_.Role)

}

$roles.Keys

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

fourpixels · ‎10-27-2020

Thanks LucD it works!

fourpixels · ‎10-28-2020

Hi LucD,

Question, do you have idea how can I setup a report that will show both in used and unused roles?

LucD · ‎10-28-2020

Try like this

$roles = @{}

Get-VIRole | ForEach-Object -Process {

$roles.Add($_.Name,'NotUsed')

}

Get-VIPermission | ForEach-Object -Process {

if($roles.ContainsKey($_.Role)){

$roles.Item($_.Role) = 'Used'

}

Write-Host "Not Used roles`n"

$roles.GetEnumerator().where{$_.Value -eq 'NotUsed'}.Name

Write-Host "`nUsed roles`n"

$roles.GetEnumerator().where{$_.Value -eq 'Used'}.Name

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

fourpixels · ‎10-28-2020

Thanks LucD for the help!

All

List of Unused vCenter Roles