Yes, I need.

Only the Notes ?

____________

Blog: LucD notes

Twitter: lucd22

I need all the attributes as it is now.

I am moving all the hosts and vm's to a new vCenter 4.0 U2.

For an export/import of the custom attributes use the scripts in

____________

Blog: LucD notes

Twitter: lucd22

Luc,

I have scaled down your script for Import / export of only roles in Virtual center and left out the permission part. I can export the roles without any problem. But while importing i face a error. can you please help me in troubleshooting. Both the script i use and error are given below,

function New-Role
{
    param($name, $privIds)
    Begin{}
    Process{
        $roleId = $authMgr.AddAuthorizationRole($name,$privIds)
    }
    End{
        return $roleId
    }
}
# Create hash table with the current roles
$authMgr = Get-View AuthorizationManager
$roleHash = @{}
$authMgr.RoleList | % {
    $roleHash[$_.Name] = $_.RoleId
}
# Read XML file
$XMLfile = “C:\role.xml”
$vInventory =[xml]“<dummy/>”
$vInventory.Load($XMLfile)
# Define Xpaths for the roles and the permissions
$XpathRoles = “Inventory/Roles/Role”

# Create custom roles
$vInventory.SelectNodes($XpathRoles) | % {
    if(-not $roleHash.ContainsKey($_.Name)){
        $privArray = @()
        $_.Privilege | % {
            $privArray += $_.Name
        }
        $roleHash[$_.Name] = (New-Role $_.Name $privArray)
    }
}

Error,

Exception calling "AddAuthorizationRole" with "2" argument(s): "vim.fault.NotFound"
At :line:8 char:47
+ $roleId = $authMgr.AddAuthorizationRole <<<< ($name,$privIds)

Additionally i have tried to alter the lines as given below, but does not work and throws the error,

[xml]$vInventory = “<dummy/>”
[xml]$vInventory.Load($XMLfile)

It looks as if you did the export with an older version of my export script.

Did you use the script from the Script to export vCenter Roles / Permissions thread ?

I just tried your script and it works without a problem.

You can do a test with a minimal XML file that only contains 1 dummy role (don't forget to delete it afterwards).

<Inventory>
  <Roles>
    <Role Name="TestRole" Label="TestRole" Summary="TestRole">
      <Privilege Name="System.Anonymous"/>
      <Privilege Name="System.Read"/>
      <Privilege Name="System.View"/>
    </Role>
  </Roles>
</Inventory>

Luc,

1. I tried the simple testrole with the script and worked fine.

2. i tried to export the roles with your latest script and tried to import it . Some roles got imported others were not.

3. So came to a conclusion there should be something wrong with handling some permissions.

Can you please try to create a role with below given permissions and test whether are you able to create? for me it fails.

  <Privilege Name="Global.com.vmware.Global.CapacityIQ" /> 
  <Privilege Name="VcIntegrity.Baseline.com.vmware.vcIntegrity.AssignBaselines" /> 
  <Privilege Name="VcIntegrity.Baseline.com.vmware.vcIntegrity.ManageBaselines" /> 
  <Privilege Name="VcIntegrity.General.com.vmware.vcIntegrity.Configure" /> 
  <Privilege Name="VcIntegrity.Updates.com.vmware.vcIntegrity.Remediate" /> 
  <Privilege Name="VcIntegrity.Updates.com.vmware.vcIntegrity.Scan" /> 
  <Privilege Name="VcIntegrity.Updates.com.vmware.vcIntegrity.ViewStatus" /> 
  

That works for me.

But then I tested on an environment that has CapacityIQ installed.

Do you have CapacityIQ installed ?

Otherwise try leaving out the privileges one by one and see which one causes the failure.

You are absolutely right .

I was importing roles in a new environment where i had only Virtual center app installed and others were missing. So privileges related to missing components produces the error when tried to import them in a role.