VMware Cloud Community
aravinds3107
Virtuoso
Virtuoso

List the role and their Priviliges

I am looking to list down all the roles in vCenter and their Privilege assigned to each role. I am able to do this by

Get-VIRole NetworkConsumer | Get-VIPrivilege | select Name, ID

Above gives me the privilege name and ID for the role which I am selecting

Is there to list all the roles and their associated privilege together like ?

RolePrivilege NamePrivilege ID
If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful |Blog: http://aravindsivaraman.com/ | Twitter : ss_aravind
26 Replies
LucD
Leadership
Leadership

Something like this

foreach($role in Get-VIRole){

    Get-VIPrivilege -Role $role |

    Select @{N="Role";E={$role.Name}},@{N="Privilege Name";E={$_.Name}},@{N="Privilege ID";E={$_.ID}}

}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
aravinds3107
Virtuoso
Virtuoso

When i execute the script it gives me the below error and then provides the reuired output

Get-VIPrivilege : 22/05/2014 3:11:10 PM    Get-VIPrivilege        Value cannot be null.

Parameter name: collection

At C:\Users\Aravind\AppData\Local\Temp\Untitled1.ps1:3 char:5

+     Get-VIPrivilege -Role $role |

+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [Get-VIPrivilege], VimException

    + FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionMa

   nagement.GetVIPrivilege

When i try to export to CSV gives an error

At C:\Users\Aravind\AppData\Local\Temp\Untitled1.ps1:5 char:2

+ }| Export-Csv "C:\Scripts.per,csv" -NoTypeInformation -UseCulture

+  ~

An empty pipe element is not allowed.

    + CategoryInfo          : ParserError: (:) [], ParseException

    + FullyQualifiedErrorId : EmptyPipeElement

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful |Blog: http://aravindsivaraman.com/ | Twitter : ss_aravind
Reply
0 Kudos
LucD
Leadership
Leadership

The 1st error is because the NoAccess role has no privileges.

You can suppress that error by adding an ErrorAction parameter (see below)

The ForEach cmdlet doesn't place anything in the pipeline, hence the error message.

You can use the Call operator to fix this, something like this

&{foreach($role in Get-VIRole){

    Get-VIPrivilege -Role $role -ErrorAction SilentlyContinue |

    Select @{N="Role";E={$role.Name}},@{N="Privilege Name";E={$_.Name}},@{N="Privilege ID";E={$_.ID}}

}} | Export-Csv report.csv -NoTypeInformation -UseCulture


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

aravinds3107
Virtuoso
Virtuoso

That works correctly, Is it possible to combine the the output of the below one liner with the above script and place them in same worksheet one below the one

$global:DefaultVIServers | Select Version,build


Get-VIPermission | select Principal, Role, Entity, Propagate

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful |Blog: http://aravindsivaraman.com/ | Twitter : ss_aravind
Reply
0 Kudos
LucD
Leadership
Leadership

It is cumbersome to combine arrays with different layouts (columns) to a single Export-Csv.

The best would be to go for the Export-Xlsx and then send the different results to separate worksheets (as we discussed in the other thread).


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
aravinds3107
Virtuoso
Virtuoso

Thanks, I will look for other options,

I am trying to remove the row for each value with the conversion script which i have got for other script but I am getting an error

&{foreach($row in (Import-Csv C:\Scripts\Permission.CSV -UseCulture)){

     $script:first = $true

            New-Object PSObject -Property @{

          "Role" = &{

            if($script:first){

              $row."Role"

              $script:first = $false

            }

            else{""}

          }

          "Assigned Privileges" = $_

        }        

    else{$row}

}} | Select "Role","Assigned Privileges" |

Export-Csv "C:\Scripts\Permission-new.CSV" -NoTypeInformation -UseCulture

Error message

The term 'else' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and t

ry again.

At C:\Scripts\r3.ps1:13 char:9

+     else <<<< {$row}

    + CategoryInfo          : ObjectNotFound: (else:String) [], CommandNotFoundException

    + FullyQualifiedErrorId : CommandNotFoundException

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful |Blog: http://aravindsivaraman.com/ | Twitter : ss_aravind
Reply
0 Kudos
LucD
Leadership
Leadership

The line "else{$row}" doesn't seem to correspond with an If statement, hence the error message.

Not exactly sure what you are trying to do here.

Are you trying to blank the Role property, when it is the same as the previous row ?

Then you could do something like this

&{foreach($row in (Import-Csv C:\Scripts\Permission.CSV -UseCulture)){

        if($prevRole -and $row.Role -eq $prevRole){

            $role = ""

        }

        Else{

            $role = $prevRole = $row.Role

        }

        New-Object PSObject -Property @{

            Role = $role

            "Assigned privilege" = $row."Assigned Privilege"

        }

    }} | Select "Role","Assigned Privilege" |

Export-Csv "C:\Scripts\Permission-new.CSV" -NoTypeInformation -UseCulture


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
aravinds3107
Virtuoso
Virtuoso

Yes I am trying to blank the row if it same as the previous one.

Script blanks the row and it also remove the Assigned Privilege column as well

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful |Blog: http://aravindsivaraman.com/ | Twitter : ss_aravind
Reply
0 Kudos
LucD
Leadership
Leadership

Do you have "Assigned Privileges" or "Assigned Privilege" in the column header in the CSV ?

Adapt the script accordingly.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
Shahzada
Contributor
Contributor

:smileyplain:

Reply
0 Kudos
aravinds3107
Virtuoso
Virtuoso

I am using the script along with the Export-XLSx function, Is it possible to merge the cell for which the rows are all same , instead of just blanking them out.I have come across Merge method, but I think we have to specify a range for the merge. Is it possible to achieve this here?

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful |Blog: http://aravindsivaraman.com/ | Twitter : ss_aravind
Reply
0 Kudos
LucD
Leadership
Leadership

I'm afraid that is not possible with the Export-Xlsx cmdlet.

That would require some separate code, see for example How do I merge cells in an Excel spreadsheet using PowerShell?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
aravinds3107
Virtuoso
Virtuoso

Thanks Luc, I did check that but the problem what I see here is to specify the range for the cells to be merged.

Also we are exporting the report to a CSV and using the conversion script to blank the role, Want to know if its possible to store the output to an object and then manipulate the data as required.

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful |Blog: http://aravindsivaraman.com/ | Twitter : ss_aravind
Reply
0 Kudos
LucD
Leadership
Leadership

You can use the same conversion script, instead of reading from a CSV, you would get the rows from the array.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
aravinds3107
Virtuoso
Virtuoso

I have tried to modify the script as below, it displays the output on the screen but there is the CSV file is empty... tried the same with one more script which I am using it works fine there, can u tell wht i am doing wrong here

$report = @()

&{foreach($role in Get-VIRole){

    Get-VIPrivilege -Role $role -ErrorAction SilentlyContinue |

    Select @{N="Role";E={$role.Name}},@{N="Assigned Privileges";E={$_.ID}}

}}

&{foreach($row in $report){

        if($prevRole -and $row.Role -eq $prevRole){

            $role = ""

        }

        Else{

            $role = $prevRole = $row.Role

        }

        New-Object PSObject -Property @{

            Role = $role

            "Assigned privileges" = $row."Assigned Privileges"

        }

    }} | Select "Role","Assigned Privileges" | Export-CSV "C:\Scripts\role.csv

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful |Blog: http://aravindsivaraman.com/ | Twitter : ss_aravind
Reply
0 Kudos
aravinds3107
Virtuoso
Virtuoso

@ LucD - Can you take a look at the script which I have pasted above and tell me whats wrong as I am not able to get this part woking

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful |Blog: http://aravindsivaraman.com/ | Twitter : ss_aravind
Reply
0 Kudos
LucD
Leadership
Leadership

Try like this

$report = @()

foreach($role in Get-VIRole){

    $report += (Get-VIPrivilege -Role $role -ErrorAction SilentlyContinue |

    Select @{N="Role";E={$role.Name}},@{N="Assigned Privileges";E={$_.ID}})

}

$newreport = &{foreach($row in ($report | where {$_})){

    if($prevRole -and $row.Role -eq $prevRole){

        $role = ""

    }

    Else{

        $role = $prevRole = $row.Role

    }

    New-Object PSObject -Property @{

        Role = $role

        "Assigned privileges" = $row."Assigned Privileges"

    }

}}

$newreport | Select "Role","Assigned Privileges" |

Export-CSV C:\role.csv -NoTypeInformation -UseCulture


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
VSnip
Enthusiast
Enthusiast

Hello LucD

I tried this script inspired by your script:

Add-PSSnapin VMware.VimAutomation.Core

Connect-VIServer -Server xxx

&{foreach($role in Get-VIRole){

Get-VIPrivilege -Role $role | Select @{N="Role";E={$role.Name}},@{N="Privilege Name";E={$_.Name}},@{N="Privilege ID";E={$_.ID}}

}} | Export-Csv report.csv -NoTypeInformation -UseCulture

Disconnect-VIServer -Server xxx -Confirm:$FALSE

I have this error:

Get-VIPrivilege : 5/30/2017 5:36:18 PM    Get-VIPrivilege        Value cannot be null.

Parameter name: collection  

At line:6 char:1

+ Get-VIPrivilege -Role $role | Select @{N="Role";E={$role.Name}},@{N="Privilege N ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [Get-VIPrivilege], VimException

    + FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.GetVIPrivilege

I don't know why I've this message. I've my file created with results...

Can you help me? please


Thank you for your help

Reply
0 Kudos
LucD
Leadership
Leadership

Could it be that you have Role in your vCenter that is corrupted in one way or the other?

Do you get all the roles when you do Get-VIRole?


Which PowerCLI version are you using?
Do a Get-PowerCLIVersion


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos