I've been trying to assign permissions to network objects with Powercli. Based on this link http://communities.vmware.com/message/1563864 the Set-VIPermission does not work on network objects and provides a workaround to assign permssions. This works fine when attempting to assign users but throws the following error when you set the principal to a group (ie, domain\group)
$SpecPG = Get-View -ViewType Network | where {$_.name -eq "Network"}
$role = $authMgr.RoleList | where{$_.Name -eq $role}
$authMgr = Get-View AuthorizationManager
$perm = New-Object VMware.Vim.Permission
$perm.principal = "Domain\vSphere_Users"
$perm.propagate = $true
$perm.roleid = $role.roleid
$authMgr.SetEntityPermissions($SpecPG.MoRef, $perm)
Exception calling "SetEntityPermissions" with "2" argument(s): "The user or group named 'Domain.Local\vSphere_Users' does not exist."
At line:39 char:30
+ $authMgr.SetEntityPermissions <<<< ($SpecPG.MoRef, $perm)
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
It seems that when attempting to set the pemission, it adds the FQDN (in this case Domain.Local) instead of just the domain name.
Is there a way to suppress the FQDN in the principal name?
I'm using VMware vSphere PowerCLI 5.1 Release 2 build 1012425.
Thanks
John
It looks as if you forgot the Group property
$SpecPG = Get-View -ViewType Network | where {$_.name -eq "Network"} $authMgr = Get-View AuthorizationManager
$roleName = "Admin"
$role = $authMgr.RoleList | where{$_.Name -eq $roleName} $perm = New-Object VMware.Vim.Permission
$perm.principal = "Domain\Groupname"
$perm.propagate = $true
$perm.Group = $true
$perm.roleid = $role.RoleId
$authMgr.SetEntityPermissions($SpecPG.MoRef, @($perm))
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
It looks as if you forgot the Group property
$SpecPG = Get-View -ViewType Network | where {$_.name -eq "Network"} $authMgr = Get-View AuthorizationManager
$roleName = "Admin"
$role = $authMgr.RoleList | where{$_.Name -eq $roleName} $perm = New-Object VMware.Vim.Permission
$perm.principal = "Domain\Groupname"
$perm.propagate = $true
$perm.Group = $true
$perm.roleid = $role.RoleId
$authMgr.SetEntityPermissions($SpecPG.MoRef, @($perm))
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD,
Indeed I did. And that fixed it!
Thanks!
John