We are going to use VMA PowerCLI to start and stop SSH through vCenter for our ESXi 4.1 hosts. We need to do this as we will start SSH, run a Nessus security scan and then stop SSH. We are quite happy with the VMA PowerCLI commands to do this and have seen a number of blogs on this subject. What we have done is create a specific AD user that we will use through PowerCLI to log in to vCenter and perform the start and stop of SSH. What I would like to do is restrict this user with a specific privilege within vCenter so that all this user can do is start and stop SSH. Is there a specific privilege within vCenter that I can create a role for and assign to this user?
To manipulate the host services, not SSH specifically, you will need the Host.Config.NetService privilege, as you can see on the HostServiceSystem SDK page.
You will need some additional privileges just to access the vSphere server as well.
You can easily see those with, for example:
Get-VIRole -Name readonly | Get-VIPrivilege
To create a new role you could do:
New-VIRole -Name ServiceOperator -Privilege (Get-VIRole readonly | Get-VIPrivilege)
Get-VIRole ServiceOperator | Set-VIRole -AddPrivilege "Network configuration"
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Where do I set the Host.Config.NetService privilege, as this doesn’t seem to be a setting in vCenter?
See the PowerCLI example in my previous answer.
You can also do this in the vSphere Client when you go to the Roles entry.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I don’t see this in the Roles entry.
Is it under the Host privilege?
Yes, Host and then Config
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
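The role setup and the scan-window workflow discussed in this thread, put together as an added example (not code posted by anyone in the thread). The vCenter name, AD principal and role name are placeholders, granting the role at the root folder is an assumption, and TSM-SSH is the service key ESXi uses for SSH.

```powershell
# Added example: server, principal and role names are placeholders.
$vCenter   = 'vcenter.example.local'
$principal = 'EXAMPLE\svc-sshscan'
$roleName  = 'SshServiceOperator'

# --- One-time setup, run as a vCenter administrator ---
Connect-VIServer -Server $vCenter | Out-Null

# Start from the ReadOnly privileges and add only Host.Config.NetService,
# selected by privilege ID rather than by its display name.
$privs  = @(Get-VIRole -Name ReadOnly | Get-VIPrivilege)
$privs += Get-VIPrivilege -Id 'Host.Config.NetService'
if (-not (Get-VIRole -Name $roleName -ErrorAction SilentlyContinue)) {
    New-VIRole -Name $roleName -Privilege $privs | Out-Null
}

# Review what the role actually grants before assigning it.
(Get-VIRole -Name $roleName).PrivilegeList

# Assumption: the permission is granted at the root folder and propagated.
# Scope it to a specific cluster or host folder if only some hosts are scanned.
New-VIPermission -Entity (Get-Folder -NoRecursion) -Principal $principal `
    -Role $roleName -Propagate:$true | Out-Null
Disconnect-VIServer -Server $vCenter -Confirm:$false

# --- Scan window, run as the restricted account ---
Connect-VIServer -Server $vCenter -Credential (Get-Credential $principal) | Out-Null

# Only touch hosts where SSH is currently stopped, so a host that had SSH
# running for another reason is left in the state it was found in.
$toStart = @(Get-VMHost | Get-VMHostService |
    Where-Object { $_.Key -eq 'TSM-SSH' -and -not $_.Running })
try {
    $toStart | Start-VMHostService | Out-Null
    Read-Host 'SSH started; press Enter once the scan has finished'
}
finally {
    # Runs even if the scan step fails, so SSH is not left open.
    $toStart | Stop-VMHostService -Confirm:$false | Out-Null
    Disconnect-VIServer -Server $vCenter -Confirm:$false
}
```

Because Host.Config.NetService covers all host services, as the answer above notes, the account can also start or stop services other than SSH.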