ekrejci
Enthusiast
Enthusiast

set-vipermission at Network Level in vCenter?

Jump to solution

Hi all,

I'm trying to figure out how I can set-vipermission to a network item in vCenter?

I know how to get the datastore but I'm stuck with the network item.

any idea?

many thanks

Eric

0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership

Afaik, the Get-VIPermission cmdlet in the current build doesn't handle portgroups.

But there is a bypass

function Get-NetVIPermission{
	param($Name)
	
	Get-VIPermission | where {$_.EntityId -like "Network*"} | where {(Get-View -Id $_.EntityId).Name -eq $Name}
}

get-netvipermission "Net1"

Mind this only works for "normal" portgroups, not for portgroups on dvSwitches nor for dvSwitches.

And you can't use the returned object for the Set-VIPermission cmdlet.

You'll have to revert to the SDK APIs if you want to get and set permissions on network objects.

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
5 Replies
RParker
Immortal
Immortal

Same method used for both.

Instead of view -> datastores it's view -> networking. Then you can set the permissions on the network

0 Kudos
LucD
Leadership
Leadership

Afaik, the Get-VIPermission cmdlet in the current build doesn't handle portgroups.

But there is a bypass

function Get-NetVIPermission{
	param($Name)
	
	Get-VIPermission | where {$_.EntityId -like "Network*"} | where {(Get-View -Id $_.EntityId).Name -eq $Name}
}

get-netvipermission "Net1"

Mind this only works for "normal" portgroups, not for portgroups on dvSwitches nor for dvSwitches.

And you can't use the returned object for the Set-VIPermission cmdlet.

You'll have to revert to the SDK APIs if you want to get and set permissions on network objects.

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
ekrejci
Enthusiast
Enthusiast

Hi,

thanks for the tip.

your function works if specifics permission have already been set to the network object.

for my case I want to set specifics permissions to the portgroup that doesn't have any yet.

in fact I will use the following to get the object:

$SpecPG = Get-View -ViewType Network | where {$_.name -eq $netname}

like that I'll be able to set the permission I want.

anyway you put me in the right direction LucD

thank you again

Eric

0 Kudos
ykalchev
VMware Employee
VMware Employee

Hi,

As Luc said PowerCLI does not have native support for Network objects yet but you can use SetEntityPermissions API method.

Note that there are some limitations for specific objects described in the SetEntityPermission help.

You can take a look at Luc's post in

The example script below assign Admin permission to the $netname network entity:

$SpecPG = Get-View -ViewType Network | where {$_.name -eq $netname}

$principal = "domain/username"
$role = $authMgr.RoleList | where{$_.Name -eq "Admin"}

$authMgr = Get-View AuthorizationManager
$perm = New-Object VMware.Vim.Permission
$perm.principal = $principal 
$perm.propagate = $true
$perm.roleid = $role.MoRef
$authMgr.SetEntityPermissions($SpecPG.MoRef, $perm)

Regards,

Yasen Kalchev

PowerCLI Dev Team

Yasen Kalchev, vSM Dev Team
ekrejci
Enthusiast
Enthusiast

Hi,

thank you for this detailed post Yasen.

it's exactly what I did. It works like a charm.

thank you again. you guys bring so much dynamism in this community.

Eric

0 Kudos