Solved: no folder name while trying to get permission info...

bubbzie · ‎06-07-2010

Interesting that while running get-permission against folder we get Entity-Id but no names:

For example: get-folder returns Name and Id, same example with get-vipermission returns:

get-folder|get-vipermission|fl *

EntityId : Folder-group-d1

Role : createNewVmDevice

Principal : testVM

Propagate : True

IsGroup : False

So, when I specifically get-folder with the name, only then it returns corresponding permission_schema, is there anyway to get-folder|get-vipermission return

every available folder and related permission info? Why this is needed is that, say you want to execute against cluster:

get-cluster | Get-VIPermission

or LucD's example as follows:

get-folder | get-VIPermission | Select @{N="Entity";E={(Get-View -Id $_.EntityId).Name}},Role,Principal,Propagate,IsGroup

Which still returns only datacenter_names and no folder related info, is this a bug or some more additional steps needed to get this info?

thanks.

LucD · ‎06-07-2010

You should understand that permissions can be inherited from entities higher up in the hierarchy.

If you use my script, you will get the entity on which the permissions were actually defined.

If you want to see per folder which permissions apply (even the inherited ones), you can do

Get-Datacenter | %{
	$dc = $_
	$_ | Get-Folder | %{
		$folder = $_
		$_ | Get-VIPermission | `
		Select @{N="DCname";E={$dc.Name}},@{N="FolderName";E={$folder.Name}},Role,Principal,Propagate,IsGroup
	}
}

____________

Blog: LucD notes

Twitter: lucd22

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

View solution in original post

LucD · ‎06-07-2010

You should understand that permissions can be inherited from entities higher up in the hierarchy.

If you use my script, you will get the entity on which the permissions were actually defined.

If you want to see per folder which permissions apply (even the inherited ones), you can do

Get-Datacenter | %{
	$dc = $_
	$_ | Get-Folder | %{
		$folder = $_
		$_ | Get-VIPermission | `
		Select @{N="DCname";E={$dc.Name}},@{N="FolderName";E={$folder.Name}},Role,Principal,Propagate,IsGroup
	}
}

____________

Blog: LucD notes

Twitter: lucd22

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

bubbzie · ‎06-07-2010

Man you good! Now since I do reporting with this like we usually do about VMs or hosts related etc, and my reporting usually include hash @. How do you slice it so that i could create reporting mechanism, existence of double $_ is a bit confusing for me as well as @{} for select object. Thanks.

LucD · ‎06-07-2010

In a ForEach-Object (alias %) loop the current object is accessible through the $_ variable.

If you have nested loops, the $_ will contain the current object of the inner loop.

That's why I save the value of the objects in the outer loops in new variables (e.g. $dc and $folder).

This way the script can still access the objects from the outer loops.

This is the same script where it produces an array ($report) which you can for example save to a CSV file.

$report = @()
Get-Datacenter | %{
	$dc = $_
	$_ | Get-Folder | %{
		$folder = $_
		$_ | Get-VIPermission | %{
			$row = "" | Select DCname,FolderName,Role,Principal,Propagate,IsGroup
			$row.DCname = $dc.Name
			$row.FolderName = $folder.Name
			$row.Role = $_.Role
			$row.Principal = $_.Principal
			$row.Propagate = $_.Propagate
			$row.IsGroup = $_.IsGroup
			$report += $row
		}
	}
}
# $report | Export-Csv "C:\Folder-permissions.csv" -NoTypeInformation
$report

I suspect this is what you were looking for ?

____________

Blog: LucD notes

Twitter: lucd22

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

bubbzie · ‎06-08-2010

>I suspect this is what you were looking for ?

Legen-wait-for-it-dary!

All

no folder name while trying to get permission info against folders and cluster