createrole.pl

natxoasenjo · ‎04-13-2015

on the forum I found the createrole.pl script (https://developercenter.vmware.com/forums?id=3088#245019) but it does not work:

perl createRole.pl --server esxxxx --username root --password xxxxx --rolename "remove datastores" --privileges "Datastore.browse"

Possible precedence issue with control flow operator at /home/j.asenjo/perl5/perlbrew/perls/perl-5.20.1/lib/site_perl/5.20.1/VMware/VICommon.pm line 2141.

Creating new role: "remove datastores" with the following privileges:

Datastore.browse

Error:

SOAP Fault:

-----------

Fault string: A specified parameter was not correct.

privIds

Any idea what I am doing wrong?

Thanks!

natxoasenjo · ‎04-13-2015

strangely enough, adding another datastore role works ok:

perl createRole.pl --rolename testrole --privileges "Datastore.Browse" --username root --server esxxxx --password xxxxx

Possible precedence issue with control flow operator at /home/j.asenjo/perl5/perlbrew/perls/perl-5.20.1/lib/site_perl/5.20.1/VMware/VICommon.pm line 2141.

Creating new role: "testrole" with the following privileges:

Datastore.Browse

Successfully created new role!

natxoasenjo · ‎04-13-2015

ok, the role is not 'Datastore.Remove' but 'Datastore.Delete'

Sorry for the noise, in the vsphere client you see 'Remove datastore' when editing a role, so I assumed it was 'Datastore.Remove' .

natxoasenjo · ‎04-15-2015

just for completeness sake, if you need to find out what the privileges names are you can do this (after succesfully connecting to an esx host as a user with the administrator role):

use Data::Dumper;

my $host_view = Vim::find_entity_view(view_type => 'HostSystem');

my $content = Vim::get_service_content();

my $authMgr = Vim::get_view(mo_ref => $content->authorizationManager);

my $rolelist = $authMgr->roleList;

print Dumper $rolelist;

This might save you some frustration time