VMware Cloud Community
Mobster
Contributor
Contributor
‎03-16-2011 05:16 PM

setentitypermissions

Is anyone using this call from within PowerCLI?

I can use is just fine, as long as the security principal I specify is a user and not a group.  Whenever I specify a group name, it errors out with a "user or group does not exist".  Also, setting the perm.group=$true  or $false seems to make no difference.

Any help will be much appreciated.

--Moby

0 Kudos
2 Replies
LucD
Leadership
Leadership
‎03-16-2011 11:14 PM

Not sure why you would use the SDK method while there is a cmdlet to do this.

$vm = Get-VM MyVM 
New-VIPermission -Principal "domain\MyGroup" -Entity $vm -Role "Virtual machine user" -Confirm:$false

If, for whatever reason, you need to use the SDK method, this works for me

$vm = Get-VM MyVM 
$roleName = "Virtual machine user" 
$authMgr = Get-View AuthorizationManager 
$roleId = ($authMgr.RoleList | where {$_.Name -eq $roleName}).RoleId

$spec = New-Object VMware.Vim.Permission 
$spec.Group = $true
 $spec.principal = "domain\MyGroup"
 $spec.propagate = $false
 $spec.roleid = $roleId

$authMgr.SetEntityPermissions($vm.Extensiondata.MoRef,@($spec))


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Mobster
Contributor
Contributor
‎03-22-2011 11:53 AM

Thanks LucD.

Yes, that option is available but there are other reasons, mainly the scale of the environment, that caused me to use setentitypermissions.

The issue is resolved now - sorry for the delayed posting.  The problem was my using .isgroup instead of .group (I blame it on lack of caffeine!)

Regards,

--Moby

0 Kudos