checkback
Contributor

Script to Audit Permissions in vCenter

I need to audit the vCenter to see what user accounts have access to VMs/Folders/Datastores/etc.

I'm not a script guy, and my searches seem to be coming up short.

I'm hoping someone who knows more about PowerCLI can point me in the right direction.

All I need to see is the user account and the type of permissions/access that user account has.

Any help would be great.

Thanks in advance.

(If this has been answered somewhere already, I apologize for reposting the question.)

5 Replies
LucD
Leadership

This will give you all permissions on all folders (including the hidden ones).

Get-Folder | Get-VIPermission |
Where {$_.EntityId -match "Folder"} |
Select Entity,Principal,Role


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

AmolPatil
Enthusiast

Hello Luc,

Is there a way to check who gave permission for the VC or assigned roles/permissions?

Looking for auditing purposes.

I have VC for 4.1/5.1/6.0

Any hint?

Regards,

Amol

Regards, Amol Patil VCP 5
0 Kudos
LucD
Leadership

Try like this

Get-VIEvent -Start (Get-Date).AddDays(-1) -MaxSamples ([int]::MaxValue) |
where {$_ -is [VMware.Vim.PermissionAddedEvent]} |
Select CreatedTime,UserName,Principal,@{N='Entity';E={$_.Entity.Name}},@{N='Role';E={$_.Role.Name}}



AmolPatil
Enthusiast

Hello Luc,

Thanks for the quick reply, and yes, it's working.

Thanks for the always quick help and guidance.

But if the event is not there then I cannot get it; I was looking for old auditing records.

I got the recent ones.

0 Kudos
LucD
Leadership

You can adapt the value on the Start parameter; in my sample code it only looks back 1 day.

Or you can leave out the Start parameter altogether, then it will look at all the events in the DB.



0 Kudos
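
The two answers in this thread combined into one audit report, as an added example that is not part of the thread or any poster's code: it lists the current permissions on all inventory objects (going beyond folders) and joins each one to its most recent add, update or remove event. It assumes a connected PowerCLI session; `$LookbackDays`, `$OutDir` and the CSV file names are hypothetical.

```powershell
# Added example, not from the thread. Requires PowerCLI and an existing
# Connect-VIServer session. $LookbackDays and $OutDir are hypothetical names.
param(
    [int]$LookbackDays = 30,
    [string]$OutDir = '.'
)

# Current state: with no -Entity, Get-VIPermission returns the permissions set
# anywhere in the inventory (VMs, folders, datastores, clusters, ...).
$current = Get-VIPermission |
    Select-Object EntityId, Principal, IsGroup, Role, Propagate,
        @{N='EntityType'; E={ ($_.EntityId -split '-')[0] }},
        @{N='Entity';     E={ $_.Entity.Name }}

# Change history: PermissionAddedEvent, PermissionUpdatedEvent and
# PermissionRemovedEvent all derive from VMware.Vim.PermissionEvent.
$changes = Get-VIEvent -Start (Get-Date).AddDays(-$LookbackDays) -MaxSamples ([int]::MaxValue) |
    Where-Object { $_ -is [VMware.Vim.PermissionEvent] } |
    Select-Object CreatedTime, Principal,
        @{N='Change';    E={ $_.GetType().Name -replace 'Permission|Event' }},
        @{N='ChangedBy'; E={ $_.UserName }},
        @{N='EntityId';  E={ '{0}-{1}' -f $_.Entity.Entity.Type, $_.Entity.Entity.Value }},
        @{N='Entity';    E={ $_.Entity.Name }},
        @{N='Role';      E={ $_.Role.Name }}   # blank for removals, which carry no role

# Index the most recent change per (entity, principal). Hashtable keys are
# case-insensitive, so DOMAIN\user and domain\User land on the same entry.
$lastChange = @{}
foreach ($c in ($changes | Sort-Object CreatedTime)) {
    $lastChange["$($c.EntityId)|$($c.Principal)"] = $c
}

# Join: each current permission with who last touched it, if the event survives.
$report = foreach ($p in $current) {
    $c = $lastChange["$($p.EntityId)|$($p.Principal)"]
    [pscustomobject]@{
        EntityType = $p.EntityType; Entity = $p.Entity
        Principal  = $p.Principal;  IsGroup = $p.IsGroup
        Role       = $p.Role;       Propagate = $p.Propagate
        LastChange = $c.CreatedTime; ChangedBy = $c.ChangedBy
    }
}

$report  | Export-Csv (Join-Path $OutDir 'vi-permissions.csv') -NoTypeInformation
$changes | Export-Csv (Join-Path $OutDir 'vi-permission-changes.csv') -NoTypeInformation

# Permissions with no add/update event in the window: provenance unknown.
$report | Where-Object { -not $_.ChangedBy } | Format-Table -AutoSize
```

Rows with an empty ChangedBy are permissions whose event falls outside the lookback window or is no longer in the vCenter database, which is the gap raised in the thread about older audit records.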