Hi Everyone,
I want to pullout User Role and Permission for all the users exist in the VC to findout what previlege they have and what members they belong and also at what level from Powercli script in csv.Any help on this be appreciated.
thanks
vmguy
You mean the XML file attached to your previous reply ?
Yes, I did. And it's empty (except for the XML framework).
That seems to indicate that the script wasn't able to retrieve the roles and permissions.
Which led me to believe that the 'Get-View AuthorizationManager' isn't working for one reason or the other.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Have a look at Script to export vCenter Roles / Permissions
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks LucD,
I will check once in office and reply you.
Thanks
vmguy
LucD,
I tried to execute the script but its throws error
[vSphere PowerCLI] C:\tmp> .\export-xml-roles-permissions.ps1
Index operation failed; the array index evaluated to null.
At C:\tmp\export-xml-roles-permissions.ps1:32 char:17
+ $roleHash[ <<<< $_.RoleId] = $_.Name
+ CategoryInfo : InvalidOperation: (System.Collections.Hashtable:Hashtable) [], RuntimeException
+ FullyQualifiedErrorId : NullArrayIndex
Method invocation failed because [System.Object[]] doesn't contain a method named 'RetrieveAllPermissions'.
At C:\tmp\export-xml-roles-permissions.ps1:36 char:45
+ $perms = $authMgr.RetrieveAllPermissions <<<< ()
+ CategoryInfo : InvalidOperation: (RetrieveAllPermissions:String) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound
Get-View : Cannot validate argument on parameter 'VIObject'. The argument is null or empty. Supply an argument that is not null or
the command again.
At C:\tmp\export-xml-roles-permissions.ps1:39 char:25
+ $entity = Get-View <<<< $perm.Entity
+ CategoryInfo : InvalidData: (:) [Get-View], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.DotNetInterop.GetVIVie
You cannot call a method on a null-valued expression.
At C:\tmp\export-xml-roles-permissions.ps1:41 char:85
+ $ret | Add-Member -Type noteproperty -Name "EntityType" -Value $entity.gettype <<<< ().Name
+ CategoryInfo : InvalidOperation: (gettype:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Index operation failed; the array index evaluated to null.
At C:\tmp\export-xml-roles-permissions.ps1:45 char:74
+ $ret | Add-Member -Type noteproperty -Name "Role" -Value $roleHash[ <<<< $perm.RoleId]
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : NullArrayIndex
thanks
vmguy
LucD,
The scripts throws error so please let me know where its require correction.
thanks
vmguy
Try the updated scripts published by Dawoo, see his vCenter Roles & Permissions Export / Import scripts post.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD,
Thanks for helping me again.I tried the updated one but it throws diffrent errors this time.i used the import script and have attached for correction.
[vSphere PowerCLI] C:\tmp> .\Roles.ps1
Index operation failed; the array index evaluated to null.
At C:\tmp\Roles.ps1:60 char:17
+ $roleHash[ <<<< $_.RoleId] = $_.Name
+ CategoryInfo : InvalidOperation: (System.Collections.Hashtable:Hashtable) [], RuntimeException
+ FullyQualifiedErrorId : NullArrayIndex
Method invocation failed because [System.Object[]] doesn't contain a method named 'RetrieveAllPermissions'.
At C:\tmp\Roles.ps1:64 char:45
+ $perms = $authMgr.RetrieveAllPermissions <<<< ()
+ CategoryInfo : InvalidOperation: (RetrieveAllPermissions:String) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound
Get-View : Cannot validate argument on parameter 'VIObject'. The argument is null or empty. Supply an argument that is not null
the command again.
At C:\tmp\Roles.ps1:67 char:25
+ $entity = Get-View <<<< $perm.Entity
+ CategoryInfo : InvalidData: (:) [Get-View], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.DotNetInterop.GetVIV
You cannot call a method on a null-valued expression.
At C:\tmp\Roles.ps1:69 char:85
+ $ret | Add-Member -Type noteproperty -Name "EntityType" -Value $entity.gettype <<<< ().Name
+ CategoryInfo : InvalidOperation: (gettype:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Index operation failed; the array index evaluated to null.
At C:\tmp\Roles.ps1:73 char:74
+ $ret | Add-Member -Type noteproperty -Name "Role" -Value $roleHash[ <<<< $perm.RoleId]
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : NullArrayIndex
thanks
vmguy
Can you do the export again and eventually attach the generated XML file ?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
thanks LucD,
I have executed the script again and the output xml file attached.
Same error
[vSphere PowerCLI] C:\tmp> .\Roles.ps1
Index operation failed; the array index evaluated to null.
At C:\tmp\Roles.ps1:60 char:17
+ $roleHash[ <<<< $_.RoleId] = $_.Name
+ CategoryInfo : InvalidOperation: (System.Collections.Hashtable:Hashtable) [], RuntimeException
+ FullyQualifiedErrorId : NullArrayIndex
Method invocation failed because [System.Object[]] doesn't contain a method named 'RetrieveAllPermissions'.
At C:\tmp\Roles.ps1:64 char:45
+ $perms = $authMgr.RetrieveAllPermissions <<<< ()
+ CategoryInfo : InvalidOperation: (RetrieveAllPermissions:String) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound
Get-View : Cannot validate argument on parameter 'VIObject'. The argument is null or empty. Supply an argument that is not null
the command again.
At C:\tmp\Roles.ps1:67 char:25
+ $entity = Get-View <<<< $perm.Entity
+ CategoryInfo : InvalidData: (:) [Get-View], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.DotNetInterop.GetVIV
You cannot call a method on a null-valued expression.
At C:\tmp\Roles.ps1:69 char:85
+ $ret | Add-Member -Type noteproperty -Name "EntityType" -Value $entity.gettype <<<< ().Name
+ CategoryInfo : InvalidOperation: (gettype:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Index operation failed; the array index evaluated to null.
At C:\tmp\Roles.ps1:73 char:74
+ $ret | Add-Member -Type noteproperty -Name "Role" -Value $roleHash[ <<<< $perm.RoleId]
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : NullArrayIndex
vmguy
It looks as if the script can't retrieve the AuthorizationManager object.
Does this
Get-View AuthorizationManager
return anything ?
I assume you are connected to a vCenter Server ?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD,
Did you recevied the xml file.Just to confirm .
thanks
vmguy
You mean the XML file attached to your previous reply ?
Yes, I did. And it's empty (except for the XML framework).
That seems to indicate that the script wasn't able to retrieve the roles and permissions.
Which led me to believe that the 'Get-View AuthorizationManager' isn't working for one reason or the other.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD,
You are right i am connceted to VC.Please find the output for Auth manager
[vSphere PowerCLI] C:\tmp> Get-View AuthorizationManager
PrivilegeList : {Anonymous, View, Read, ManageCustomFields...}
RoleList : {NoAccess, Anonymous, View, ReadOnly...}
Description : VMware.Vim.AuthorizationDescription
MoRef : AuthorizationManager-AuthorizationManager
Client : VMware.Vim.VimClient
PrivilegeList : {Anonymous, View, Read, ManageCustomFields...}
RoleList : {NoAccess, Anonymous, View, ReadOnly...}
Description : VMware.Vim.AuthorizationDescription
MoRef : AuthorizationManager-AuthorizationManager
Client : VMware.Vim.VimClient
thanks
vmguy
LucD,
Its seems was connected to multiple vcenter server so i disconnected and executed the script so ithe output was avialabe in xml format.So it doesnt work for multiple vcenter server ? Can the output be in csv format.I would say thanksfor giving your valuable me
Thanks
vmguy
No, I'm afraid those scripts in their current form are for exporting and importing roles & permissions.
The purpose of the scripts was to do a migration from 1 vCenter to another vCenter.
If you just want to report the roles & permissions in a CSV file, you can do something like this.
And it should work against multiple vCenter connections as well (provide you connect in multi mode)
Get-VIPermission |
Export-Csv C:\permission.csv -NoTypeInformation -UseCulture
Get-VIRole |
Export-Csv C:\roles.csv -NoTypeInformation -UseCulture
If you don't want all the properties in the CSV file, you can put a Select-Object before the Export-Csv cmdlets and specify just the properties you need in the CSV file
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD,
Full credit to you.I just right click the xml file there is an option for opening with excelsheet but your one is much better.But for multimode setting what
i need to do ? Thanks again for your help.Its was pilot project for me to findout becz there are many unwanted users existing with Admin role so i need to remove them.Thanks
vmguy
You can change between single- and multi-mode with the Set-PowerCLIConfiguration cmdlet.
For example, switch to multi-mode like this
Set-PowerCLIConfiguration -DefaultVIServerMode Multiple
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD,
These cmdlet is an alternate for script
Get-VIPermission |
Export-Csv C:\permission.csv -NoTypeInformation -UseCulture
Get-VIRole |
Export-Csv C:\roles.csv -NoTypeInformation -UseCulture
thanks
vmguy