VMware Cloud Community
victim95
VMware Employee

UI vs PowerCLI permissions (Cluster vs folder level permissions requirements)

Why does a user require Cluster level permissions to run a get-vm command?  The user currently has folder level permissions which allow them to do the needed tasks through the UI.  When the user runs the get-vm command it returns empty until you add cluster level permissions.

Thanks.

Tim

0 Kudos
3 Replies
LucD
Leadership

Does the user have System.Read on the root folder (Datacenters folder)?

It seems that this is required by PowerCLI vs the Web Client.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
victim95
VMware Employee

Under what tab is the System.Read entry?  Sorry, been going through the line items but can't find it.

Thanks,

0 Kudos
LucD
Leadership

You can assign that directly, you have to go via a Role.

Something like this for example.

It creates a new Role, named TestRole, and assigns this permission to the user on the root folder.

You have to update 'domain\user'

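# Look up the System.Read privilege
$priv = Get-VIPrivilege -Id System.Read
# Create a role that carries only that privilege
$role = New-VIRole -Name TestRole -Privilege $priv
# Assign the role to the user on the root (Datacenters) folder
New-VIPermission -Entity (Get-Folder -Name Datacenters) -Role $role -Principal 'domain\user'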


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
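A way to check the result of the assignment discussed in this thread, as an added example that is not part of any reply above: it lists the account's direct permissions on the root folder and reports whether the role carries System.Read and whether it propagates to child objects. It assumes an existing Connect-VIServer session; 'domain\user' is the same placeholder used in the reply.

```powershell
# Added example, not from the thread. Requires a connected PowerCLI session.
# 'domain\user' is a placeholder; replace it with the account under review.
$principal = 'domain\user'

# -NoRecursion limits the lookup to the top-level Datacenters folder, so a
# nested folder that happens to share the name is not picked up.
$root = Get-Folder -Name Datacenters -NoRecursion

# Only direct assignments are matched here. Access granted through a group
# is listed under the group's name, not the user's.
$perms = Get-VIPermission -Entity $root -Principal $principal

if (-not $perms) {
    Write-Warning "$principal has no direct permission on '$($root.Name)'"
}

foreach ($p in $perms) {
    # Resolve the role name on the permission to its privilege list
    $role = Get-VIRole -Name $p.Role

    [pscustomobject]@{
        Entity         = $p.Entity.Name
        Principal      = $p.Principal
        Role           = $p.Role
        HasSystemRead  = $role.PrivilegeList -contains 'System.Read'
        Propagate      = $p.Propagate
        PrivilegeCount = $role.PrivilegeList.Count
    }
}
```

A Propagate value of True means the role also applies to the objects below the root folder, so the role's full privilege list is worth reviewing when it does.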