Hello LucD,
I'm new to this and I'm stuck importing vCenter roles and permissions; there is an error. I will share the code I have with me; I need some help on this. We have created two output types: CSV for human-readable output and XML for importing on vCenter. Kindly help with the import script part. I did try your import script, but there is some error (posted at the end of this thread).
This is the role and permission export script:
#vCenter Role & Permission export#
Write-Host "`tExporting Permissions and Roles for vCenter.."
$vCenterHost = Read-Host "Enter vCenter Name:"
try {
    #Establishing connection to vCenter (stop on failure so the catch block runs)
    Connect-VIServer -Server $vCenterHost -ErrorAction Stop

    #Permissions
    $Permission = Get-VIPermission | Select-Object @{N='vCenter';E={$_.Uid.Split('@:')[1]}},
        Principal,Role,Propagate,
        @{N='Entity';E={$_.Entity.Name}},
        @{N='Entity Type';E={$_.EntityId.Split('-')[0]}}
    #Export to CSV
    $Permission | Export-Csv -Path "C:\Temp\$vCenterHost-Permission.csv"
    #Export to XML
    $PermissionXML = Get-VIPermission
    $PermissionXML | Export-Clixml -Path "C:\Temp\$vCenterHost-Permission.xml"

    #Roles (privileges are joined with a line feed, one privilege Id per line)
    $Role = Get-VIRole | Select-Object @{N='vCenter';E={$_.Uid.Split('@:')[1]}},
        Name,
        @{N='PrivilegeList';E={[string]::Join([char]10,$_.PrivilegeList)}}
    #Export to CSV
    $Role | Export-Csv -Path "C:\Temp\$vCenterHost-Roles.csv"
    #Export to XML
    $RoleXML = Get-VIRole
    $RoleXML | Export-Clixml -Path "C:\Temp\$vCenterHost-Roles.xml"

    Write-Verbose "`tRole & Permission Data Exported Successfully from $vCenterHost" -Verbose
    Write-Verbose "Disconnecting from $vCenterHost" -Verbose
    #-Server needs a value; disconnect only from the vCenter used above
    Disconnect-VIServer -Server $vCenterHost -Confirm:$false
}
catch {
    Write-Verbose "`tError Encountered! Error:$_" -Verbose
    $ErrorObject = New-Object -TypeName PSObject -Property @{
        vCenterName = $vCenterHost
        Error = $_
    }
}
Import script error output:
Import Script which I'm referring to:
Import-excel -Path $reportName -WorksheetName Permissions -PipelineVariable row |
Foreach-Object -process {
    $Permission = @{
        Entity = Get-Inventory -Name $row.Entity
        Role = Get-VIRole -name $row.Role
        #Principal = $row.Principal
        Propagate = $row.Propagate
        Confirm = $false }
    New-VIPermission $Permission
}
I'm not sure why you are importing from an XLSX file, while you exported to a CSV.
When I just tested, the following seems to work for me
$reportName = 'C:\Temp\<Your-VCSA-name>-Permission.csv'
Import-Csv -Path $reportName -PipelineVariable row |
ForEach-Object -Process {
    $Permission = @{
        Entity = Get-Inventory -Name $row.Entity
        Role = Get-VIRole -Name $row.Role
        Principal = $row.Principal
        # Import-Csv returns strings; a [Boolean] cast turns 'False' into $true,
        # so parse the text instead
        Propagate = [System.Convert]::ToBoolean($row.Propagate)
        Confirm = $false
        WhatIf = $true
    }
    New-VIPermission @Permission
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hello LucD,
Thank you for the response. Just to confirm, will this script also import roles as well, or just permissions only?
Looking forward to hearing from you.
Thanks.
The permissions only.
To import the roles is similar, just the other CSV
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Should the import script for the vCenter 'Role' be something like this? Please let me know. Thank you.
$reportName = 'C:\Temp\<Your-CVSA-name>-Role.csv'
Import-Csv -Path $reportName -PipelineVariable row |
ForEach-Object -Process {
    $Role = @{
        Name = $row.Name
        Privilage = $row.PrivilegeList
        Server = $row.vCenter
        Confirm = $false
        WhatIf = $true
    }
    New-VIRole @role
}
You have to get the actual privileges with the Get-VIPrivilege cmdlet.
Something like this
$reportName = 'C:\Temp\<Your-VCSA-name>-Roles.csv'
Import-Csv -Path $reportName -PipelineVariable row |
ForEach-Object -Process {
    $Role = @{
        Name = $row.Name
        Privilege = $row.PrivilegeList.Split("`n") | ForEach-Object { Get-VIPrivilege -Id $_ }
        Server = $row.vCenter
        Confirm = $false
        WhatIf = $true
    }
    New-VIRole @role
}
Once you are sure the script works, remove the WhatIf line (same for the previous script).
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thank you LucD.
What would be the order to run the import script?
Should it be the Roles first and Permissions second? Or is there no such order when running the script, if both the role and permission import scripts are put into one script? Please advise.
Appreciate your help on this one.
Thank you again.
If you use custom Roles in the permissions, you should import the Roles first
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi LucD,
Can we export/import roles and permissions from one vCenter to another, if both are connected to the same identity source (AD)?
For the Roles the Identity Source doesn't play a part.
So yes, you can easily export-import those.
Of course only the custom roles, not the system roles.
For the permissions have a look at Solved: Re: need help with scripting export of datacenter ... - VMware Technology Network VMTN
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi LucD,
I am getting the following error when running the below code against a newly deployed vCenter (vSphere 7). I have multiple Datacenter objects in the VC. Please advise.
$reportName = 'C:\Temp\<Your-VCSA-name>-Permission.csv'
Import-Csv -Path $reportName -PipelineVariable row |
ForEach-Object -Process {
    $Permission = @{
        Entity = Get-Inventory -Name $row.Entity
        Role = Get-VIRole -Name $row.Role
        Principal = $row.Principal
        Propagate = [System.Convert]::ToBoolean($row.Propagate)  # a [Boolean] cast of 'False' gives $true
        Confirm = $false
        WhatIf = $true
    }
    New-VIPermission @Permission
}
New-VIPermission : Cannot process argument transformation on parameter 'Entity'. This parameter no longer accepts an
array. As an alternative you may pass multiple values by pipeline (if supported by the parameter).
At E:\cn\test-perm.ps1:14 char:20
+ New-VIPermission @Permission
+ ~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [New-VIPermission], ParameterBindingArgumentTransformationException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.Permis
sionManagement.NewVIPermission
That seems to indicate that
Get-Inventory -Name $row.Entity
returns more than 1 object for entries in your CSV
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
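Following on from the last reply, one way to avoid the 'Entity' array error is to check that every CSV row resolves to exactly one inventory object before any permission is created, using the 'Entity Type' column the export already writes. This is an added example, not code from the thread: Select-UniqueEntity, Get-PermissionPlan, the resolver script block and all sample data are assumptions, and the inventory is a constructed stand-in so the check runs without a vCenter connection.

```powershell
# Added example, not code from the thread. Function names are hypothetical.
function Select-UniqueEntity {
    param(
        [object[]]$Candidate,          # what Get-Inventory -Name <name> returned
        [string]$EntityType            # 'Entity Type' column of the export
    )
    # The export took 'Entity Type' from the text before the first '-' of
    # EntityId, so compare it with the same part of each candidate's Id.
    $hit = @($Candidate | Where-Object { $_ -and ($_.Id -split '-')[0] -eq $EntityType })
    if ($hit.Count -eq 1) { return $hit[0] }
    return $null                       # none or several: caller must skip the row
}

function Get-PermissionPlan {
    param([object[]]$Row, [scriptblock]$Resolver)
    foreach ($r in $Row) {
        $entity = Select-UniqueEntity -Candidate (& $Resolver $r.Entity) -EntityType $r.'Entity Type'
        [pscustomobject]@{
            Principal = $r.Principal
            Role      = $r.Role
            Entity    = $r.Entity
            EntityId  = if ($entity) { $entity.Id } else { $null }
            # Parse the text; a plain [Boolean] cast of 'False' yields $true
            Propagate = [System.Convert]::ToBoolean($r.Propagate)
            Status    = if ($entity) { 'Ready' } else { 'Skipped: not exactly one match' }
        }
    }
}

# Constructed sample data: a stand-in inventory and three exported rows
$inventory = @(
    [pscustomobject]@{ Name = 'vm';   Id = 'Folder-group-v3' }
    [pscustomobject]@{ Name = 'vm';   Id = 'Folder-group-v22' }
    [pscustomobject]@{ Name = 'Prod'; Id = 'Datacenter-datacenter-2' }
    [pscustomobject]@{ Name = 'Prod'; Id = 'ClusterComputeResource-domain-c7' }
)
$rows = @'
"Principal","Role","Propagate","Entity","Entity Type"
"LAB\vm-admins","VmOperator","False","Prod","Datacenter"
"LAB\backup","BackupRole","True","vm","Folder"
"LAB\audit","ReadOnly","True","Missing","Folder"
'@ | ConvertFrom-Csv

# Offline stand-in; against vCenter use: { param($n) Get-Inventory -Name $n }
$resolver = { param($n) $inventory | Where-Object { $_.Name -eq $n } }
Get-PermissionPlan -Row $rows -Resolver $resolver | Format-Table -AutoSize
```

In the sample, the 'Prod' row is narrowed to the datacenter by its type, while the 'vm' row stays ambiguous and the 'Missing' row finds nothing, so both are reported as skipped instead of receiving a permission on the wrong object.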
