Solved: Question on Entity argument in new-vipermission

jeffj2000 · ‎11-05-2022

Hello. I am writing simple script to assign permissions and I cannot figure out how to reference the actual vCenter object, which we have a custom role on. I can reference all our other entities we have custom roles. For instance here is me assigning NoAccess to a special datastore folder.

New-VIPermission -Role NoAccess -Entity (Get-Folder -Type Datastore -Name "NO-ACCESS") -Principal “xxx”

We have custom roles on Datacenter, Storage folder, VM folder, and vCenter object. I cannot figure out to how to pass the vCenter object in the Entity variable. Thank you.

LucD · ‎11-05-2022

Try with

$root = Get-Folder -Name 'Datacenters'

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

View solution in original post

LucD · ‎11-05-2022

Try with

$root = Get-Folder -Name 'Datacenters'

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

jeffj2000 · ‎11-05-2022

EDIT: This is working. I got it with your example. Thank you very much!

I saw that on get-vipermission when trying to see how I reference it. But this still makes no sense to me. If we look at the permissions like this:

vcenter.xxx. (vCenter-Role)

Datacenter-1. (Datacenter Role)

Cluster-1

Folder (Folder Role)

DataCenter-1 (Datacenter Role)

etc

The Datacenter entity has a different Role than the role that is attached directly on the vCenter at the top. I hope I make myself clear, Thank you.

LucD · ‎11-05-2022

That could mean there is an explicit permission for that role on the Datacenter.
That overrides the Propagate on the vCenter, provided we are looking at the same Principal.

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

All

Question on Entity argument in new-vipermission