VMware Cloud Community
jjhays2
Contributor
Contributor
‎02-27-2013 04:37 PM
Jump to solution

Set-vipermission to groups at Network Level in vCenter?

I've been trying to assign permissions to network objects with Powercli.  Based on this link http://communities.vmware.com/message/1563864 the Set-VIPermission does not work on network objects and provides a workaround to assign permssions.  This works fine when attempting to assign users but throws the following error when you set the principal to a group (ie, domain\group)


$SpecPG = Get-View -ViewType Network | where {$_.name -eq "Network"}


$role = $authMgr.RoleList | where{$_.Name -eq $role}

$authMgr = Get-View AuthorizationManager
$perm = New-Object VMware.Vim.Permission
$perm.principal = "Domain\vSphere_Users"
$perm.propagate = $true
$perm.roleid = $role.roleid
$authMgr.SetEntityPermissions($SpecPG.MoRef, $perm)


Exception calling "SetEntityPermissions" with "2" argument(s): "The user or group named 'Domain.Local\vSphere_Users' does not exist."
At line:39 char:30
+ $authMgr.SetEntityPermissions <<<< ($SpecPG.MoRef, $perm)
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException


It seems that when attempting to set the pemission, it adds the FQDN (in this case Domain.Local) instead of just the domain name.


Is there a way to suppress the FQDN in the principal name?


I'm using VMware vSphere PowerCLI 5.1 Release 2 build 1012425.


Thanks


John

Reply
0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎02-27-2013 10:51 PM
Jump to solution

It looks as if you forgot the Group property

$SpecPG = Get-View -ViewType Network | where {$_.name -eq "Network"}

$authMgr = Get-View AuthorizationManager 
$roleName = "Admin"
 $role = $authMgr.RoleList | where{$_.Name -eq $roleName}

$perm = New-Object VMware.Vim.Permission
$perm.principal = "Domain\Groupname"
$perm.propagate = $true
$perm.Group = $true
$perm.roleid = $role.RoleId

$authMgr.SetEntityPermissions($SpecPG.MoRef, @($perm))


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

Reply
0 Kudos
2 Replies
LucD
Leadership
Leadership
‎02-27-2013 10:51 PM
Jump to solution

It looks as if you forgot the Group property

$SpecPG = Get-View -ViewType Network | where {$_.name -eq "Network"}

$authMgr = Get-View AuthorizationManager 
$roleName = "Admin"
 $role = $authMgr.RoleList | where{$_.Name -eq $roleName}

$perm = New-Object VMware.Vim.Permission
$perm.principal = "Domain\Groupname"
$perm.propagate = $true
$perm.Group = $true
$perm.roleid = $role.RoleId

$authMgr.SetEntityPermissions($SpecPG.MoRef, @($perm))


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
jjhays2
Contributor
Contributor
‎02-28-2013 09:35 PM
Jump to solution

LucD,

Indeed I did.  And that fixed it!

Thanks!

John

Reply
0 Kudos