Luc,

Thanks for the reply.  Sorry I may have been unclear.  I'm trying to avoid giving permissions to the root or the datacenter objects.  I'm attempting to just give permission to a specific folder in VMs & Templates view.

Then you would need to change the Entity parameter with the folder(s) to which you want to restrict the user.

I'm not sure I follow.  Change the Entity parameter?

Oh, the Entity parameter during the Get-VM.  Okay, I'm with you now.  Let me give that a shot.

You give the permission, with the minimal role, on the folder to which you want to restrict the user.

Something like this

Hehe okay, this is on me for poorly describing.  I'm not looking for how to use powershell to create a role/permission at a folder.  I already have the minimal permission set to the folder.  What I'm trying to do is that when the minimal permission is only at the VM & Templates view folder level, use powershell to run a Get-VM to power manage it.  But it's not working when the permission is only at the VM folder level.

Strange, that seems to be working for me.
I set the permission, with the minimla role, on a VM and Templates folder, named MyFolder.

The user can only do a Get-VM for VMs in that specific folder, and he can start/stop those VMs.

Could be that I'm completely misunderstanding your question.

Perhaps a picture with annotation would help 🙂

LOL  Pictures usually do.  But alas, I just figured it out.

When I only apply the minimal role at the VM folder, doing a 'Get-VM <vnmame>' returns nothing.  However, if I simply do a 'Get-Datacenter | Get-VM <vmname>' it works.  Not sure why that is, but I'll take it.

That shouldn't be required, unless you have multiple folders with the same name.

Ah-- that could be it then.  Multiple external PSCs (single SSO domain) and multiple connected vcenters and multiple duplicate folder names.  This is for a custom citrix VM power management role and we have many "Citrix" folders throughout the environment.

Then Folder By Path might come in handy :smileygrin: