Interesting that while running get-permission against folder we get Entity-Id but no names:
For example: get-folder returns Name and Id, same example with get-vipermission returns:
get-folder|get-vipermission|fl *
EntityId : Folder-group-d1
Role : createNewVmDevice
Principal : testVM
Propagate : True
IsGroup : False
So, when I specifically get-folder with the name, only then it returns corresponding permission_schema, is there anyway to get-folder|get-vipermission return
every available folder and related permission info? Why this is needed is that, say you want to execute against cluster:
get-cluster | Get-VIPermission
or LucD's example as follows:
get-folder | get-VIPermission | Select @{N="Entity";E={(Get-View -Id $_.EntityId).Name}},Role,Principal,Propagate,IsGroup
Which still returns only datacenter_names and no folder related info, is this a bug or some more additional steps needed to get this info?
thanks.
You should understand that permissions can be inherited from entities higher up in the hierarchy.
If you use my script, you will get the entity on which the permissions were actually defined.
If you want to see per folder which permissions apply (even the inherited ones), you can do
Get-Datacenter | %{ $dc = $_ $_ | Get-Folder | %{ $folder = $_ $_ | Get-VIPermission | ` Select @{N="DCname";E={$dc.Name}},@{N="FolderName";E={$folder.Name}},Role,Principal,Propagate,IsGroup } }
____________
Blog: LucD notes
Twitter: lucd22
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
You should understand that permissions can be inherited from entities higher up in the hierarchy.
If you use my script, you will get the entity on which the permissions were actually defined.
If you want to see per folder which permissions apply (even the inherited ones), you can do
Get-Datacenter | %{ $dc = $_ $_ | Get-Folder | %{ $folder = $_ $_ | Get-VIPermission | ` Select @{N="DCname";E={$dc.Name}},@{N="FolderName";E={$folder.Name}},Role,Principal,Propagate,IsGroup } }
____________
Blog: LucD notes
Twitter: lucd22
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Man you good! Now since I do reporting with this like we usually do about VMs or hosts related etc, and my reporting usually include hash @. How do you slice it so that i could create reporting mechanism, existence of double $_ is a bit confusing for me as well as @{} for select object. Thanks.
In a ForEach-Object (alias %) loop the current object is accessible through the $_ variable.
If you have nested loops, the $_ will contain the current object of the inner loop.
That's why I save the value of the objects in the outer loops in new variables (e.g. $dc and $folder).
This way the script can still access the objects from the outer loops.
This is the same script where it produces an array ($report) which you can for example save to a CSV file.
$report = @() Get-Datacenter | %{ $dc = $_ $_ | Get-Folder | %{ $folder = $_ $_ | Get-VIPermission | %{ $row = "" | Select DCname,FolderName,Role,Principal,Propagate,IsGroup $row.DCname = $dc.Name $row.FolderName = $folder.Name $row.Role = $_.Role $row.Principal = $_.Principal $row.Propagate = $_.Propagate $row.IsGroup = $_.IsGroup $report += $row } } } # $report | Export-Csv "C:\Folder-permissions.csv" -NoTypeInformation $report
I suspect this is what you were looking for ?
____________
Blog: LucD notes
Twitter: lucd22
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
>I suspect this is what you were looking for ?
Legen-wait-for-it-dary!