Automation

 View Only

  • 1.  set-vipermission at Network Level in vCenter?

    Posted Jul 02, 2010 01:07 PM

    Hi all,

    I'm trying to figure out how I can set-vipermission to a network item in vCenter?

    I know how to get the datastore but I'm stuck with the network item.

    any idea?

    many thanks

    Eric



  • 2.  RE: set-vipermission at Network Level in vCenter?

    Posted Jul 02, 2010 01:39 PM

    Same method used for both.

    Instead of view -> datastores it's view -> networking. Then you can set the permissions on the network



  • 3.  RE: set-vipermission at Network Level in vCenter?
    Best Answer

    Posted Jul 02, 2010 01:47 PM

    Afaik, the Get-VIPermission cmdlet in the current build doesn't handle portgroups.

    But there is a bypass

    function Get-NetVIPermission{
	param($Name)
	
	Get-VIPermission | where {$_.EntityId -like "Network*"} | where {(Get-View -Id $_.EntityId).Name -eq $Name}
}

get-netvipermission "Net1"

    Mind this only works for "normal" portgroups, not for portgroups on dvSwitches nor for dvSwitches.

    And you can't use the returned object for the Set-VIPermission cmdlet.

    You'll have to revert to the SDK APIs if you want to get and set permissions on network objects.

    ____________

    Blog: LucD notes

    Twitter: lucd22



  • 4.  RE: set-vipermission at Network Level in vCenter?

    Posted Jul 02, 2010 02:23 PM

    Hi,

    thanks for the tip.

    your function works if specifics permission have already been set to the network object.

    for my case I want to set specifics permissions to the portgroup that doesn't have any yet.

    in fact I will use the following to get the object:

    $SpecPG = Get-View -ViewType Network | where {$_.name -eq $netname}

    like that I'll be able to set the permission I want.

    anyway you put me in the right direction LucD

    thank you again

    Eric



  • 5.  RE: set-vipermission at Network Level in vCenter?

    Broadcom Employee
    Posted Jul 02, 2010 03:30 PM

    Hi,

    As Luc said PowerCLI does not have native support for Network objects yet but you can use SetEntityPermissions API method.

    Note that there are some limitations for specific objects described in the SetEntityPermission help.

    You can take a look at Luc's post in

    The example script below assign Admin permission to the $netname network entity:

    $SpecPG = Get-View -ViewType Network | where {$_.name -eq $netname}

$principal = "domain/username"
$role = $authMgr.RoleList | where{$_.Name -eq "Admin"}

$authMgr = Get-View AuthorizationManager
$perm = New-Object VMware.Vim.Permission
$perm.principal = $principal 
$perm.propagate = $true
$perm.roleid = $role.MoRef
$authMgr.SetEntityPermissions($SpecPG.MoRef, $perm)

    Regards,

    Yasen Kalchev

    PowerCLI Dev Team



  • 6.  RE: set-vipermission at Network Level in vCenter?

    Posted Jul 02, 2010 07:54 PM

    Hi,

    thank you for this detailed post Yasen.

    it's exactly what I did. It works like a charm.

    thank you again. you guys bring so much dynamism in this community.

    Eric