VMware Cloud Community
smithjr
Contributor
Contributor
‎05-02-2012 02:17 PM
Jump to solution

User permissions to export events

Hi all, what are the necessary vcenter permissiones for a user to export vcenter events?. 

Im running this script:

Connect-VIServer xxxxxxxx -User xxxxxxx -Password xxxxxxxxxx
$prevDay = (Get-Date -Hour 0 -Minute 0 -Second 0).AddDays(-1)
$filename = "C:\log5" + $prevDay.ToString("MMddyyy") + ".csv"
Get-VIEvent -Start $prevDay -Finish $prevDay.AddDays(1) -MaxSamples ([int]::MaxValue) |
Select @{N="Description";E={$_.FullFormattedMessage}},
  @{N="Date Time";E={$_.CreatedTime}},
  @{N="Target";E={$_.Entity.Name}},
  @{N="User";E={$_.UserName}} |
Export-Csv $filename -NoTypeInformation -UseCulture

Thanks!

0 Kudos
1 Solution

Accepted Solutions
mattboren
Expert
Expert
‎05-02-2012 07:58 PM
Jump to solution

Hello-

I do not think that you assign a permission named, "none".  From the API reference listed above, I take that to mean that there are no additional privileges/permissions required for querying events.

Add'l info (added to this response at 11:10pm):  I tested with a VIAccount that had the Read-Only role assigned, and it was able retrieve events.  So, it would seem that so long as the account can connect to the vCenter/host, that it can retrieve events with no additional privileges required.  Are you seeing different behavior?

View solution in original post

0 Kudos
4 Replies
mattboren
Expert
Expert
‎05-02-2012 05:51 PM
Jump to solution

Hello, smithjr-

Per the API reference for EventHistoryCollector (which is what Get-VIEvent uses, per an Onyx trace), the methods used require the privileges of "none".  So, if the account as which you are running the script can successfully Connect-VIServer, it should be good to get VI events.

Btw, the methods used are SetCollectorPageSize(), ResetCollector(), ReadPreviousEvents(), and DestroyCollector().

0 Kudos
smithjr
Contributor
Contributor
‎05-02-2012 07:26 PM
Jump to solution

"none" its a vcenter permission????

0 Kudos
mattboren
Expert
Expert
‎05-02-2012 07:58 PM
Jump to solution

Hello-

I do not think that you assign a permission named, "none".  From the API reference listed above, I take that to mean that there are no additional privileges/permissions required for querying events.

Add'l info (added to this response at 11:10pm):  I tested with a VIAccount that had the Read-Only role assigned, and it was able retrieve events.  So, it would seem that so long as the account can connect to the vCenter/host, that it can retrieve events with no additional privileges required.  Are you seeing different behavior?

0 Kudos
smithjr
Contributor
Contributor
‎05-02-2012 08:18 PM
Jump to solution

Thanks a lot, read-only is the answer.

0 Kudos