VMware Cloud Community
cno211cno
Contributor
Contributor

Reporting Privileges delegated to Roles

I have been digging through the forum to try and come up with a solution to report on what privileges are defined in each role. I have taken a look at: http://communities.vmware.com/message/1066898#1066898

and identifed the script that would list all privileges and the script that would identify all the roles. Is there a way to combine the two so that I can have a CSV file that would list something like below?

Role: ######

Privileges:

#####

Reply
0 Kudos
2 Replies
LucD
Leadership
Leadership

That is rather straightforward.

Each role in the roleList property contains an array, under property privilege, that contains all the privileges for that role.

The only problem if you want to export that information to a CSV file, is that you can not export a row containing an array to the CSV file.

A solution is to have a row per privilege in the CSV file.

Something like this:

role1, privilege1
role1, privilege2
role2, privilege1

This script does just that

$report =@()

$authMgr = Get-View AuthorizationManager
foreach($role in $authMgr.RoleList){
  if($role.Privilege -ne $null){
    foreach($priv in $role.Privilege){
      $row = "" | Select RoleName, Label, RoleId, System, Privilege 
      $row.RoleName = $role.Name
      $row.Label = $role.Info.Label
      $row.RoleId = $role.RoleId
      $row.System = $role.System
      $row.Privilege = $priv
	  $report += $row
    }
  }
  else{
    $row = "" | Select RoleName, Label, RoleId, System, Privilege 
    $row.RoleName = $role.Name
    $row.Label = $role.Info.Label
    $row.RoleId = $role.RoleId
    $row.System = $role.System
    $row.Privilege = $null
    $report += $row
  }
}

$report | Export-Csv -path "c:/Roles.csv" -noTypeInformation


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
cno211cno
Contributor
Contributor

This is great. Thank you very much for your time and efforts.

Reply
0 Kudos