VMware Cloud Community
vkaranam
Enthusiast

Re: Script to retrieve vCenter Roles and Responsibilities

Hello Guys,

I am in need of a script to do the following

The script should generate the following details in CSV format: vCenter Roles and Responsibilities --> AD Groups Assigned to that Role --> privileges assigned to that role.

- vCenter Roles Name (listing out all the roles)
- Usage Details (listing out the groups or users added to the particular role)
- List out each and every privilege of the role. E.g.: datacenter-->Global etc.

Thanks

VK

Accepted Solutions
Chaz999
Enthusiast

Hello

Always try LucD's scripts; he is one of the best scripters. Check one of his scripts below:

http://communities.vmware.com/message/1642302

Thanks

vkaranam
Enthusiast

Hello Chaz999

Thanks a lot for your suggestion to follow LucD. It resolved my issues, and let me check if my team is satisfied with the output.

I have to add the following in the code to get the correct output which was suggested by mitchum in the blog.

There are 2 things to have the script working:
- Remove the global type for vInventory variable -- I didn't try this, but it is working fine.
- Define the vInventory variable to be an XML object: --- I have to add this before the vInventory variable.
[XML] $vInventory = “”

So here is the script pasted with modifications to import the vc roles.

---------------------------------------------------------------------------------------------------------------------

# Requires VMware PowerCLI and an active Connect-VIServer session to vCenter.

# Returns one object per vCenter role, including its list of privilege IDs.
function Get-Roles
{
  Begin{
    $authMgr = Get-View AuthorizationManager
    $report = @()
  }
  Process{
    foreach($role in $authMgr.roleList){
      $ret = New-Object PSObject
      $ret | Add-Member -Type noteproperty -Name "Name" -Value $role.name
      $ret | Add-Member -Type noteproperty -Name "Label" -Value $role.info.label
      $ret | Add-Member -Type noteproperty -Name "Summary" -Value $role.info.summary
      $ret | Add-Member -Type noteproperty -Name "RoleId" -Value $role.roleId
      $ret | Add-Member -Type noteproperty -Name "System" -Value $role.system
      $ret | Add-Member -Type noteproperty -Name "Privilege" -Value $role.privilege
      $report += $ret
    }
  }
  End{
    return $report
  }
}

# Returns one object per permission: which principal holds which role on which entity.
function Get-Permissions
{
  Begin{
    $report = @()
    $authMgr = Get-View AuthorizationManager
    # Map RoleId -> role name so each permission can be reported by role name.
    $roleHash = @{}
    $authMgr.RoleList | %{
      $roleHash[$_.RoleId] = $_.Name
    }
  }
  Process{
    $perms = $authMgr.RetrieveAllPermissions()
    foreach($perm in $perms){
      $ret = New-Object PSObject
      $entity = Get-View $perm.Entity
      $ret | Add-Member -Type noteproperty -Name "Entity" -Value $entity.Name
      $ret | Add-Member -Type noteproperty -Name "EntityType" -Value $entity.gettype().Name
      $ret | Add-Member -Type noteproperty -Name "Group" -Value $perm.Group
      $ret | Add-Member -Type noteproperty -Name "Principal" -Value $perm.Principal
      $ret | Add-Member -Type noteproperty -Name "Propagate" -Value $perm.Propagate
      $ret | Add-Member -Type noteproperty -Name "Role" -Value $roleHash[$perm.RoleId]
      $report += $ret
    }
  }
  End{
    return $report
  }
}

# XML helpers. Note: $global:vInventory only resolves when the [XML]$vInventory
# assignment below runs in the global scope (pasted at the prompt or dot-sourced).
# Run as a script file, that assignment creates a script-scope variable and
# $global:vInventory is $null here.
function New-XmlNode{
  param($node, $nodeName)
  $tmp = $global:vInventory.CreateElement($nodeName)
  $node.AppendChild($tmp)
}
function Set-XmlAttribute{
  param($node, $name, $value)
  $node.SetAttribute($name, $value)
}
function Get-XmlNode{
  param($path)
  $global:vInventory.SelectNodes($path)
}

# Skeleton document that the roles and permissions are written into.
[XML]$vInventory = "<Inventory><Roles/><Permissions/></Inventory>"

# Roles (system roles are skipped, so they do not appear under Inventory/Roles)
$XMLRoles = Get-XmlNode "Inventory/Roles"
Get-Roles | where {-not $_.System} | % {
  $XMLRole = New-XmlNode $XMLRoles "Role"
  Set-XmlAttribute $XMLRole "Name" $_.Name
  Set-XmlAttribute $XMLRole "Label" $_.Label
  Set-XmlAttribute $XMLRole "Summary" $_.Summary
  $_.Privilege | % {
    $XMLPrivilege = New-XmlNode $XMLRole "Privilege"
    Set-XmlAttribute $XMLPrivilege "Name" $_
  }
}

# Permissions (all of them, including those that reference system roles)
$XMLPermissions = Get-XmlNode "Inventory/Permissions"
Get-Permissions | % {
  $XMLPerm = New-XmlNode $XMLPermissions "Permission"
  Set-XmlAttribute $XMLPerm "Entity" $_.Entity
  Set-XmlAttribute $XMLPerm "EntityType" $_.EntityType
  Set-XmlAttribute $XMLPerm "Group" $_.Group
  Set-XmlAttribute $XMLPerm "Principal" $_.Principal
  Set-XmlAttribute $XMLPerm "Propagate" $_.Propagate
  Set-XmlAttribute $XMLPerm "Role" $_.Role
}
$vInventory.Save("C:\vInventory.xml")
---------------------------------------------------------------------------------------------------------------------

Thanks a lot to everyone for such a wonderful script.

VK

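The original request was for a CSV of roles, assigned groups and privileges, while the script in this thread writes XML. The following is an added example, not part of any post in this thread and not LucD's code: it joins the Roles and Permissions sections of that XML into one CSV for an access review. The sample XML, the output file name and the placeholder text for system roles are constructed for illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Constructed sample in the shape the script above writes. To audit a real
# export, use instead: [xml]$inv = Get-Content 'C:\vInventory.xml'
[xml]$inv = @'
<Inventory>
  <Roles>
    <Role Name="VMOperators" Label="VM Operators" Summary="">
      <Privilege Name="VirtualMachine.Interact.PowerOn"/>
      <Privilege Name="VirtualMachine.Interact.PowerOff"/>
    </Role>
    <Role Name="UnusedRole" Label="Unused" Summary="">
      <Privilege Name="Global.Licenses"/>
    </Role>
  </Roles>
  <Permissions>
    <Permission Entity="Datacenters" EntityType="Folder" Group="True" Principal="EXAMPLE\vm-ops" Propagate="True" Role="VMOperators"/>
    <Permission Entity="Datacenters" EntityType="Folder" Group="False" Principal="EXAMPLE\svc-backup" Propagate="True" Role="Admin"/>
  </Permissions>
</Inventory>
'@

# Index privileges by role name. System roles are missing from this index
# because the export filters them out with `where {-not $_.System}`.
$privByRole = @{}
foreach ($role in $inv.SelectNodes('/Inventory/Roles/Role')) {
    $privByRole[$role.GetAttribute('Name')] = @($role.SelectNodes('Privilege') | ForEach-Object { $_.GetAttribute('Name') })
}

# One row per permission: who holds which role where, and what it grants.
$rows = foreach ($perm in $inv.SelectNodes('/Inventory/Permissions/Permission')) {
    $roleName = $perm.GetAttribute('Role')
    $privs = if ($privByRole.ContainsKey($roleName)) { $privByRole[$roleName] -join ';' } else { '(system role, privileges not exported)' }
    [pscustomobject]@{ Role = $roleName; Principal = $perm.GetAttribute('Principal'); IsGroup = $perm.GetAttribute('Group')
                       Entity = $perm.GetAttribute('Entity'); Propagate = $perm.GetAttribute('Propagate'); Privileges = $privs }
}

# Roles that no permission references still get a row (empty Principal),
# so unused custom roles show up as cleanup candidates.
$used = @($rows | ForEach-Object { $_.Role })
$unused = foreach ($name in $privByRole.Keys) {
    if ($used -notcontains $name) {
        [pscustomobject]@{ Role = $name; Principal = ''; IsGroup = ''; Entity = ''; Propagate = ''
                           Privileges = $privByRole[$name] -join ';' }
    }
}

@($rows) + @($unused) | Sort-Object Role | Export-Csv -Path '.\vcenter-role-audit.csv' -NoTypeInformation
```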