VMware Cloud Community
vlife201110141
Enthusiast
Enthusiast
‎10-27-2011 06:02 AM
Jump to solution

User what role he has and where it is defined

Hello Guys,

I am looking for a script which searches a user what role he has,defined in what level on vcenter server from root folder down to virtual machine level and list his role and the level it is defined.

Thanks,

0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎10-27-2011 01:43 PM
Jump to solution

Of course, we can use a where-clause to filter out the permissions for a specific principal.

Like this

$user = "domain\user"

Get-VIPermission | where {$_.Principal -eq $user} | 
Select @{N="Entity";E={$_.Entity.Name}},
    @{N="Type";E={$_.Entity.GetType().Name.TrimEnd("Wrapper")}},
    Role,
    Propagate


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
10 Replies
LucD
Leadership
Leadership
‎10-27-2011 06:56 AM
Jump to solution

Try it like this

$user = "domain\user"

Get-VIPermission -Principal $user | 
Select @{N="Entity";E={$_.Entity.Name}},
    @{N="Type";E={$_.Entity.GetType().Name.TrimEnd("Wrapper")}},
    Role,
    Propagate

The Propagate column indicates wether the permission is propagdated to all children of a specific node.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

vlife201110141
Enthusiast
Enthusiast
‎10-27-2011 07:06 AM
Jump to solution

Thanks for your answer Luc. Probably it is already working on your tests. get-vipermission cmdlet having error on my test.

+ Get-VIPermission <<<< -Principal $user |

+ CategoryInfo : NotSpecified: (:) [Get-VIPermission], VimException

+ FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.GetVIPermission

0 Kudos
LucD
Leadership
Leadership
‎10-27-2011 07:14 AM
Jump to solution

Which PowerCLI build are you running ?

Do a

Get-PowerCLIVersion.

I use VMware vSphere PowerCLI 5.0 build 435427.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
vlife201110141
Enthusiast
Enthusiast
‎10-27-2011 07:18 AM
Jump to solution

Ah ok I see version mismatch. VMware vSphere PowerCLI 4.1 U1 build 332441. How can I run that with my version ?

Thanks,

0 Kudos
LucD
Leadership
Leadership
‎10-27-2011 01:43 PM
Jump to solution

Of course, we can use a where-clause to filter out the permissions for a specific principal.

Like this

$user = "domain\user"

Get-VIPermission | where {$_.Principal -eq $user} | 
Select @{N="Entity";E={$_.Entity.Name}},
    @{N="Type";E={$_.Entity.GetType().Name.TrimEnd("Wrapper")}},
    Role,
    Propagate


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
vlife201110141
Enthusiast
Enthusiast
‎10-27-2011 09:57 PM
Jump to solution

Thanks for following up Luc. I have no doubt the one you sent me works fine. I believe smth goes wrong on my side. I run that from PowerGUI ( 3.0.0.2015 )

This test below not working either. Return error like Get-VIpermission is unknown cmdlet .

$test = Get-VIPermission -Entity (Get-Datacenter) -Principal Administrator

Get-VIPermission : 28.10.2011 07:46:50    Get-VIPermission           
At C:\Users\xxx\AppData\Local\Temp\538322f4-92cf-40fa-be39-0a291c42746b.ps1:2 char:25
+ $test = Get-VIPermission <<<<  -Entity (Get-Datacenter) -Principal Administrator
    + CategoryInfo          : NotSpecified: (:) [Get-VIPermission], VimException
    + FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.GetVIPermission

0 Kudos
LucD
Leadership
Leadership
‎10-27-2011 10:28 PM
Jump to solution

Can you try the following from a PowerCLI prompt (of course, first do a Connect-VIServer to your vCenter).

Get-Command Get-VIPermission -Syntax

Get-VIPermission

Get-VIPermission -Entity (Get-Folder -Name Datacenters)


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
vlife201110141
Enthusiast
Enthusiast
‎10-27-2011 10:45 PM
Jump to solution

Smiley Happy Sure I connected to vcenter first

Name                           Port  User                         
----                           ----  ----                         
vcenter                        443   ugur.ozvatan                 
Get-VIPermission [[-Entity] <VIObject[]>] [-Principal <VIAccount[]>] [-Server <VIServer[]>] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-WarningAction <Acti
onPreference>] [-ErrorVariable <String>] [-WarningVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>]

Get-VIPermission : 28.10.2011 08:43:10    Get-VIPermission        Nesne başvurusu bir nesnenin örneğine ayarlanmadı.   
At C:\Users\ugur.ozvatan\AppData\Local\Temp\e2e7b5ed-c141-4f43-98f6-6cb546952732.ps1:3 char:17
+ Get-VIPermission <<<<
    + CategoryInfo          : NotSpecified: (:) [Get-VIPermission], VimException
    + FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.GetVIPermission

Get-VIPermission : 28.10.2011 08:43:12    Get-VIPermission        Nesne başvurusu bir nesnenin örneğine ayarlanmadı.   
At C:\Users\ugur.ozvatan\AppData\Local\Temp\e2e7b5ed-c141-4f43-98f6-6cb546952732.ps1:4 char:17
+ Get-VIPermission <<<<  -Entity (Get-Folder -Name Datacenters)
    + CategoryInfo          : NotSpecified: (:) [Get-VIPermission], VimException
    + FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.GetVIPermission

0 Kudos
LucD
Leadership
Leadership
‎10-27-2011 11:23 PM
Jump to solution

Ok, you do have a problem with your PowerCLI installation.

Could this be caused by the regional settings (Turkish apparently) on the client ?

Do you have a client with no regional settings (US English), where you could install PowerCLI and try the Get-VIPermission cmdlet ?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

vlife201110141
Enthusiast
Enthusiast
‎10-27-2011 11:42 PM
Jump to solution

You are right Luc.Regional settings issue. Switching to English it runs. Thanks again.

0 Kudos