Dave_Mac
Contributor

Script to export vCenter Roles / Permissions

I'm trying to find a script that will capture our vSphere vCenter Roles and Permissions hierarchy. I thought I'd found the ideal thing at:

http://www.virtu-al.net/2009/06/15/vsphere-permissions-export-import-part-1

But I'm having real problems getting this working. I'm getting the same form of errors as other users on that site.

The script runs okay, but I get continual errors along the lines of:

"You cannot call a method on a null-valued expression.

At C:\tmp\ExportRoles.ps1:85 char:22

$node.AppendChild( <<<< $tmp)"

"You cannot call a method on a null-valued expression.

At C:\tmp\ExportRoles.ps1:85 char:23

$node.SetAttribute( <<<< $name, $value)"

"You cannot call a method on a null-valued expression.

At C:\tmp\ExportRoles.ps1:85 char:44

$tmp = $global:vInventory.CreateElement( <<<< $nodeName)"

That loops for a while then I get errors like:

"Exception calling "AppendChild" with "1" argument(s): "Object reference not set to an instance of an object."

At C:\tmp\ExportRoles.ps1:81 char:22

$node.AppendChild( <<<< $tmp)

When carrying out the fix as mentioned by one of the users about changing the 'global' part, I get the same errors but with a new one thrown in:

"Exception calling "CreateElement" with "1" argument(s): "The local name for elements or attributes cannot be null or an empty string."

At C:\tmp\ExportRoles.ps1:80 char:37

$tmp = $vInventory.CreateElement( <<<< $nodeName)

The script is creating the xml file populated with the descriptors, it's just not populating it with any of my roles or permissions. I have removed most of the stock roles and created new roles from scratch.

I'm using vCenter 4.0U1 build 208111 and the PowerCli 4.0.1-208462

Any ideas? Or can people point me somewhere else for a script that'll capture this. I especially like the fact it's been pumped out to XML as my intention is to use this as part of the automated build process for our environment. I'm fairly green to PowerShell, I copied that script verbatim so if there's something noddy I should be doing please shout. I'm assuming it's not enumerating the values from the AuthorizationManager, but I don't know where to insert a 'Write-Host' step to output the value to a screen to check where it's falling over so again any help with this would be appreciated.

Cheers folks.

0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership

That is one of my old scripts that apparently had some problems in PowerShell v2.

Attached a new version.

Can you check if it works for you?

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Dave_Mac
Contributor

You Sir, are what's commonly known in the business as a 'Star'.

Thanks for taking the time to look at this and thanks for writing such a great script.

0 Kudos
Ben7
Contributor

Do you happen to have an updated copy of the import script too?  This updated export script worked like a champ but the import script is giving me errors. 

Thanks,

- Ben

---------------------------------------------------------------------

Index operation failed; the array index evaluated to null.
At C:\VM_permissions_import.ps1:33 char:11
+ $roleHash[ <<<< $_.Name] = $_.RoleId
    + CategoryInfo          : InvalidOperation: (System.Collections.Hashtable:
   Hashtable) [], RuntimeException
    + FullyQualifiedErrorId : NullArrayIndex
Method invocation failed because [System.String] doesn't contain a method named
'Load'.
At C:\VM_permissions_import.ps1:38 char:17
+ $vInventory.Load <<<< ($XMLfile)
    + CategoryInfo          : InvalidOperation: (Load:String) [], RuntimeExcep
   tion
    + FullyQualifiedErrorId : MethodNotFound
Cannot convert value "Inventory/Roles/Role" to type "System.Xml.XmlDocument". E
rror: "Data at the root level is invalid. Line 1, position 1."
At C:\VM_permissions_import.ps1:40 char:20
+ $XpathRoles = [xml] <<<< "Inventory/Roles/Role"
    + CategoryInfo          : NotSpecified: (:) [], RuntimeException
    + FullyQualifiedErrorId : RuntimeException
Cannot convert value "Inventory/Permissions/Permission" to type "System.Xml.Xml
Document". Error: "Data at the root level is invalid. Line 1, position 1."
At C:\VM_permissions_import.ps1:41 char:26
+ $XpathPermissions = [xml] <<<< "Inventory/Permissions/Permission"
    + CategoryInfo          : NotSpecified: (:) [], RuntimeException
    + FullyQualifiedErrorId : RuntimeException
Method invocation failed because [System.String] doesn't contain a method named
'SelectNodes'.
At C:\VM_permissions_import.ps1:43 char:24
+ $vInventory.SelectNodes <<<< ($XpathRoles) | % {
    + CategoryInfo          : InvalidOperation: (SelectNodes:String) [], Runti
   meException
    + FullyQualifiedErrorId : MethodNotFound
Method invocation failed because [System.String] doesn't contain a method named
'SelectNodes'.
At C:\VM_permissions_import.ps1:53 char:24
+ $vInventory.SelectNodes <<<< ($XpathPermissions) | % {
    + CategoryInfo          : InvalidOperation: (SelectNodes:String) [], Runti
   meException
    + FullyQualifiedErrorId : MethodNotFound
0 Kudos
Matt_B1
Enthusiast

Thanks again Luc!  The export works perfect.  I added a check to the Get-Roles function to leave out the sample roles.

    # Skip any role whose name contains "sample"
    foreach($role in $authMgr.roleList){
        if ($role.name -notmatch "sample"){
            $ret = New-Object PSObject
            $ret | Add-Member -Type noteproperty -Name "Name" -Value $role.name
            $ret | Add-Member -Type noteproperty -Name "Label" -Value $role.info.label
            $ret | Add-Member -Type noteproperty -Name "Summary" -Value $role.info.summary
            $ret | Add-Member -Type noteproperty -Name "RoleId" -Value $role.roleId
            $ret | Add-Member -Type noteproperty -Name "System" -Value $role.system
            $ret | Add-Member -Type noteproperty -Name "Privilege" -Value $role.privilege
            $report += $ret
        }
    }

0 Kudos
bretthacker
Contributor

Old thread but wasn't finding anything else out there on it.

Tried this script against a stand-alone ESXi 5 host, had to make this change:

    $authMgr = Get-View (Get-View ServiceInstance).Content.AuthorizationManager

Replace the line in Get-Roles (ln 4) and Get-Permissions (ln 27).

Also noticed that it didn't like saving to the root of my C drive on W7, altered the save line to c:\temp.

Thanks for a nice script!

0 Kudos
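
As an added example (not LucD's attached script, which is not reproduced on this page), here is a compact role and permission export that uses the AuthorizationManager lookup from bretthacker's post and the role filter from Matt_B1's post, and keeps the XML document in a local variable rather than a global one. The function name, XML layout and default output path are assumptions, and an existing Connect-VIServer session is assumed.

```powershell
# Added example, not the script discussed in this thread.
# Export-VIAuthorization and the element/attribute names are hypothetical.
function Export-VIAuthorization {
    param(
        [string]$Path = 'C:\temp\vInventory.xml',   # assumed output location
        [string]$ExcludeRole = 'sample'             # role filter from Matt_B1's post
    )

    # AuthorizationManager lookup as posted by bretthacker
    $authMgr = Get-View (Get-View ServiceInstance).Content.AuthorizationManager

    # The document lives in a local variable for the whole export
    $doc   = New-Object System.Xml.XmlDocument
    $root  = $doc.AppendChild($doc.CreateElement('Inventory'))
    $roles = $root.AppendChild($doc.CreateElement('Roles'))
    $perms = $root.AppendChild($doc.CreateElement('Permissions'))

    $roleName = @{}   # RoleId -> role name, used to label each permission
    foreach ($role in $authMgr.RoleList) {
        $roleName[$role.RoleId] = $role.Name
        if ($role.Name -match $ExcludeRole) { continue }
        $node = $roles.AppendChild($doc.CreateElement('Role'))
        $node.SetAttribute('Name', $role.Name)
        $node.SetAttribute('Label', [string]$role.Info.Label)
        $node.SetAttribute('System', [string]$role.System)
        foreach ($priv in @($role.Privilege)) {
            if (-not $priv) { continue }   # role with no privileges
            $p = $node.AppendChild($doc.CreateElement('Privilege'))
            $p.SetAttribute('Name', $priv)
        }
    }

    foreach ($perm in @($authMgr.RetrieveAllPermissions())) {
        if (-not $perm) { continue }       # PowerShell v2 iterates once over $null
        $node = $perms.AppendChild($doc.CreateElement('Permission'))
        $node.SetAttribute('Entity', [string](Get-View $perm.Entity).Name)
        $node.SetAttribute('EntityType', $perm.Entity.Type)
        $node.SetAttribute('Principal', $perm.Principal)
        $node.SetAttribute('Group', [string]$perm.Group)
        $node.SetAttribute('Role', [string]$roleName[$perm.RoleId])
        $node.SetAttribute('Propagate', [string]$perm.Propagate)
    }

    $doc.Save($Path)
    Get-Item $Path   # return the written file so callers can verify it exists
}
```

Saving the output from a known-good state gives a baseline that later exports can be diffed against to spot added roles, widened privilege lists or new permission assignments.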