VMware Cloud Community
vmhyperv
Contributor

Role and Permission in VC for each User

Hi Everyone,
  I want to pull out the user role and permission for all the users that exist in the VC, to find out what privileges they have, what members they belong to, and at what level, from a PowerCLI script in CSV. Any help on this would be appreciated.

thanks
vmguy

LucD
Leadership

Have a look at Script to export vCenter Roles / Permissions


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

vmhyperv
Contributor

Thanks LucD,

  I will check once in the office and reply to you.

Thanks

vmguy

vmhyperv
Contributor

LucD,

  I tried to execute the script but it throws errors

[vSphere PowerCLI] C:\tmp> .\export-xml-roles-permissions.ps1
Index operation failed; the array index evaluated to null.
At C:\tmp\export-xml-roles-permissions.ps1:32 char:17
+       $roleHash[ <<<< $_.RoleId] = $_.Name
    + CategoryInfo          : InvalidOperation: (System.Collections.Hashtable:Hashtable) [], RuntimeException
    + FullyQualifiedErrorId : NullArrayIndex

Method invocation failed because [System.Object[]] doesn't contain a method named 'RetrieveAllPermissions'.
At C:\tmp\export-xml-roles-permissions.ps1:36 char:45
+     $perms = $authMgr.RetrieveAllPermissions <<<< ()
    + CategoryInfo          : InvalidOperation: (RetrieveAllPermissions:String) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound

Get-View : Cannot validate argument on parameter 'VIObject'. The argument is null or empty. Supply an argument that is not null or
the command again.
At C:\tmp\export-xml-roles-permissions.ps1:39 char:25
+       $entity = Get-View <<<<  $perm.Entity
    + CategoryInfo          : InvalidData: (:) [Get-View], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.DotNetInterop.GetVIVie

You cannot call a method on a null-valued expression.
At C:\tmp\export-xml-roles-permissions.ps1:41 char:85
+       $ret | Add-Member -Type noteproperty -Name "EntityType" -Value $entity.gettype <<<< ().Name
    + CategoryInfo          : InvalidOperation: (gettype:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Index operation failed; the array index evaluated to null.
At C:\tmp\export-xml-roles-permissions.ps1:45 char:74
+       $ret | Add-Member -Type noteproperty -Name "Role" -Value $roleHash[ <<<< $perm.RoleId]
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : NullArrayIndex

thanks

vmguy

vmhyperv
Contributor

LucD,

  The script throws errors, so please let me know where it requires correction.

thanks

vmguy

LucD
Leadership

Try the updated scripts published by Dawoo, see his vCenter Roles & Permissions Export / Import scripts post.


vmhyperv
Contributor

LucD,

  Thanks for helping me again. I tried the updated one but it throws different errors this time. I used the import script and have attached it for correction.

[vSphere PowerCLI] C:\tmp> .\Roles.ps1
Index operation failed; the array index evaluated to null.
At C:\tmp\Roles.ps1:60 char:17
+       $roleHash[ <<<< $_.RoleId] = $_.Name
    + CategoryInfo          : InvalidOperation: (System.Collections.Hashtable:Hashtable) [], RuntimeException
    + FullyQualifiedErrorId : NullArrayIndex

Method invocation failed because [System.Object[]] doesn't contain a method named 'RetrieveAllPermissions'.
At C:\tmp\Roles.ps1:64 char:45
+     $perms = $authMgr.RetrieveAllPermissions <<<< ()
    + CategoryInfo          : InvalidOperation: (RetrieveAllPermissions:String) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound

Get-View : Cannot validate argument on parameter 'VIObject'. The argument is null or empty. Supply an argument that is not null
the command again.
At C:\tmp\Roles.ps1:67 char:25
+       $entity = Get-View <<<<  $perm.Entity
    + CategoryInfo          : InvalidData: (:) [Get-View], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.DotNetInterop.GetVIV

You cannot call a method on a null-valued expression.
At C:\tmp\Roles.ps1:69 char:85
+       $ret | Add-Member -Type noteproperty -Name "EntityType" -Value $entity.gettype <<<< ().Name
    + CategoryInfo          : InvalidOperation: (gettype:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Index operation failed; the array index evaluated to null.
At C:\tmp\Roles.ps1:73 char:74
+       $ret | Add-Member -Type noteproperty -Name "Role" -Value $roleHash[ <<<< $perm.RoleId]
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : NullArrayIndex

thanks

vmguy

LucD
Leadership

Can you do the export again and eventually attach the generated XML file?


vmhyperv
Contributor

Thanks LucD,

  I have executed the script again and the output XML file is attached.

Same error

[vSphere PowerCLI] C:\tmp> .\Roles.ps1
Index operation failed; the array index evaluated to null.
At C:\tmp\Roles.ps1:60 char:17
+       $roleHash[ <<<< $_.RoleId] = $_.Name
    + CategoryInfo          : InvalidOperation: (System.Collections.Hashtable:Hashtable) [], RuntimeException
    + FullyQualifiedErrorId : NullArrayIndex

Method invocation failed because [System.Object[]] doesn't contain a method named 'RetrieveAllPermissions'.
At C:\tmp\Roles.ps1:64 char:45
+     $perms = $authMgr.RetrieveAllPermissions <<<< ()
    + CategoryInfo          : InvalidOperation: (RetrieveAllPermissions:String) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound

Get-View : Cannot validate argument on parameter 'VIObject'. The argument is null or empty. Supply an argument that is not null
the command again.
At C:\tmp\Roles.ps1:67 char:25
+       $entity = Get-View <<<<  $perm.Entity
    + CategoryInfo          : InvalidData: (:) [Get-View], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.DotNetInterop.GetVIV

You cannot call a method on a null-valued expression.
At C:\tmp\Roles.ps1:69 char:85
+       $ret | Add-Member -Type noteproperty -Name "EntityType" -Value $entity.gettype <<<< ().Name
    + CategoryInfo          : InvalidOperation: (gettype:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Index operation failed; the array index evaluated to null.
At C:\tmp\Roles.ps1:73 char:74
+       $ret | Add-Member -Type noteproperty -Name "Role" -Value $roleHash[ <<<< $perm.RoleId]
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : NullArrayIndex

vmguy

LucD
Leadership

It looks as if the script can't retrieve the AuthorizationManager object.

Does this

Get-View AuthorizationManager

return anything?

I assume you are connected to a vCenter Server?


vmhyperv
Contributor

LucD,

  Did you receive the XML file? Just to confirm.

thanks

vmguy

LucD
Leadership

You mean the XML file attached to your previous reply?

Yes, I did. And it's empty (except for the XML framework).

That seems to indicate that the script wasn't able to retrieve the roles and permissions.

Which led me to believe that the 'Get-View AuthorizationManager' isn't working for one reason or the other.


vmhyperv
Contributor

LucD,

  You are right, I am connected to VC. Please find the output for Auth manager

[vSphere PowerCLI] C:\tmp> Get-View AuthorizationManager


PrivilegeList : {Anonymous, View, Read, ManageCustomFields...}
RoleList      : {NoAccess, Anonymous, View, ReadOnly...}
Description   : VMware.Vim.AuthorizationDescription
MoRef         : AuthorizationManager-AuthorizationManager
Client        : VMware.Vim.VimClient

PrivilegeList : {Anonymous, View, Read, ManageCustomFields...}
RoleList      : {NoAccess, Anonymous, View, ReadOnly...}
Description   : VMware.Vim.AuthorizationDescription
MoRef         : AuthorizationManager-AuthorizationManager
Client        : VMware.Vim.VimClient

thanks

vmguy

vmhyperv
Contributor

LucD,

  It seems I was connected to multiple vCenter servers, so I disconnected and executed the script, and the output was available in XML format. So it doesn't work for multiple vCenter servers? Can the output be in CSV format? I would say thanks for giving your valuable me

Thanks

vmguy

LucD
Leadership

No, I'm afraid those scripts in their current form are for exporting and importing roles & permissions.

The purpose of the scripts was to do a migration from 1 vCenter to another vCenter.

If you just want to report the roles & permissions in a CSV file, you can do something like this.

And it should work against multiple vCenter connections as well (provided you connect in multi mode).

Get-VIPermission |
Export-Csv C:\permission.csv -NoTypeInformation -UseCulture

Get-VIRole |
Export-Csv C:\roles.csv -NoTypeInformation -UseCulture

If you don't want all the properties in the CSV file, you can put a Select-Object before the Export-Csv cmdlets and specify just the properties you need in the CSV file.


vmhyperv
Contributor

LucD,

  Full credit to you. I just right-clicked the XML file and there is an option for opening it with an Excel sheet, but yours is much better. But for the multi-mode setting, what do I need to do? Thanks again for your help. It was a pilot project for me to find out, because there are many unwanted users existing with the Admin role, so I need to remove them. Thanks

vmguy

LucD
Leadership

You can change between single- and multi-mode with the Set-PowerCLIConfiguration cmdlet.

For example, switch to multi-mode like this

Set-PowerCLIConfiguration -DefaultVIServerMode Multiple


vmhyperv
Contributor

LucD,

  These cmdlets are an alternative to the script

Get-VIPermission | 
Export-Csv C:\permission.csv -NoTypeInformation -UseCulture

Get-VIRole |
Export-Csv C:\roles.csv -NoTypeInformation -UseCulture

thanks
vmguy
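
Added example (not part of the original thread, and not LucD's or Dawoo's script): a PowerCLI report that queries each connected vCenter separately, joins Get-VIPermission with Get-VIRole so every assignment carries the privileges behind its role, and lists the holders of the Admin role for review. The output path, the column names and the 'Admin' filter are assumptions; it expects PowerShell 3.0 or later and an existing Connect-VIServer session.

```powershell
# Added example: per-vCenter permission audit with roles resolved to privileges.
# Assumes you are already connected with Connect-VIServer (one or more servers).
$outFile = 'C:\tmp\permission-report.csv'   # hypothetical output path

$report = foreach ($vc in $global:DefaultVIServers) {
    # Query each connection on its own so results from several vCenters are
    # never merged into one array (the cause of the errors earlier in the thread).
    $roles = @{}
    Get-VIRole -Server $vc | ForEach-Object { $roles[$_.Name] = $_ }

    foreach ($perm in Get-VIPermission -Server $vc) {
        $role = $roles[$perm.Role]           # Permission.Role holds the role name
        [pscustomobject]@{
            vCenter    = $vc.Name
            Principal  = $perm.Principal
            IsGroup    = $perm.IsGroup
            Role       = $perm.Role
            Entity     = $perm.Entity.Name
            # EntityId looks like 'Folder-group-d1'; the first token is the type.
            EntityType = $perm.EntityId.Split('-')[0]
            Propagate  = $perm.Propagate
            SystemRole = $role.IsSystem
            # Long for broad roles; drop this column if only assignments matter.
            Privileges = ($role.PrivilegeList -join ';')
        }
    }
}

$report |
    Sort-Object vCenter, Role, Principal |
    Export-Csv -Path $outFile -NoTypeInformation -UseCulture

# Review list: every user or group holding the Admin role, and where.
# Propagate = True means the assignment also applies to child objects.
$report |
    Where-Object { $_.Role -eq 'Admin' } |
    Format-Table vCenter, Principal, IsGroup, Entity, Propagate -AutoSize
```

Group principals (IsGroup = True) need their membership checked in the identity source, since the report shows only the group, not the accounts inside it.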