Hi guys,
I just recently discovered the beauty of the VI tookit, and immediately saw a need for it. I need a script to cycle through each VM in a given datacenter, and assign an existing role a permission level on that VM.
Hierarchy is as follows:
Datacenters\<Region>\<Site>\<VM name>
or
Datacenters\<Region>\<Site>\<Folder>\<VM name>
I need the script to analyze the name of the VM, then assign the role VirtualMachineUser to the domain group DOMAIN\<VM name>_Admins
Any help would be greatly appreciated!
thanks!
Looks like this requires using some API level code to access the AuthorizationManager.
http://communities.vmware.com/message/1076484#1076484
I adapted the code sample from the post above and the code below just worked in my lab, but please limit testing to a couple of servers before you set it loose.
#pipe the VMs into Get-View to get the .Net representation of the objects
#you'll need this for the MoRef required by the SetEntityPermission method
#recommend for testing that you limit to a specific set of VMs using Get-VM -Name (list of comma separated names)
$vms = Get-VM | Get-View
#access the authorization manager
$authMgr = Get-View AuthorizationManager
#use a filter against the AuthorizationManager to fine the desired role
$role = $authMgr.RoleList | ? { $_.Name -eq 'VirtualMachineAdministrator' }
foreach ($vm in $vms)
{
#create the permissions
$perm = New-Object VMware.Vim.Permission
$perm.group = $false
$perm.principal = 'DOMAIN\'$vm.Name'_Admins'
$perm.principal
$perm.propagate = $false
$perm.roleId = $role.RoleId
#for each VM view, call the method to update the permissions
$authMgr.SetEntityPermissions($vm.MoRef, $rootperm)
}
Hope this helps!
======================================
Monitor. Correlate. Act. | vWire.com
Looks like this requires using some API level code to access the AuthorizationManager.
http://communities.vmware.com/message/1076484#1076484
I adapted the code sample from the post above and the code below just worked in my lab, but please limit testing to a couple of servers before you set it loose.
#pipe the VMs into Get-View to get the .Net representation of the objects
#you'll need this for the MoRef required by the SetEntityPermission method
#recommend for testing that you limit to a specific set of VMs using Get-VM -Name (list of comma separated names)
$vms = Get-VM | Get-View
#access the authorization manager
$authMgr = Get-View AuthorizationManager
#use a filter against the AuthorizationManager to fine the desired role
$role = $authMgr.RoleList | ? { $_.Name -eq 'VirtualMachineAdministrator' }
foreach ($vm in $vms)
{
#create the permissions
$perm = New-Object VMware.Vim.Permission
$perm.group = $false
$perm.principal = 'DOMAIN\'$vm.Name'_Admins'
$perm.principal
$perm.propagate = $false
$perm.roleId = $role.RoleId
#for each VM view, call the method to update the permissions
$authMgr.SetEntityPermissions($vm.MoRef, $rootperm)
}
Hope this helps!
======================================
Monitor. Correlate. Act. | vWire.com
thanks! That definitely shoved me in the right direction!