Solved: Cloning Roles from one vCenter to another

joepower · ‎03-07-2014

Hi Guys,

I need some help regarding a workflow I want to build for our VMware administators to ease there management. But I'm stucked and do not know how to proceed. Maybe somebody can help me.

I have the following step inside my workflow:

//Roles of Source vCenter
var SourceRoleList = new Array();
var SourceRoleList = Source_vcenter.authorizationManager.roleList
var InfraSourceRoleList = new Array();

for each (Role in SourceRoleList)
{
if (Role.name.indexOf("Infra") != -1 )
{
InfraSourceRoleList.push(Role);
}
}
//Roles of Target vCenter
var TargetRoleList = new Array();
var TargetRoleList = Target_vcenter.authorizationManager.roleList;
var PreExisting = 0;

for each(Role in InfraSourceRoleList)
{
PreExisting = 0
for each(TargetRole in TargetRoleList)
{
if(TargetRole.name == Role.name)
   {
   PreExisting = 1
   }
}
if(PreExisting == 1)
{
try
   {
   Target_vcenter.authorizationManager.updateAuthorizationRole(Role.roleId , Role.name , Role.privilege);
   System.log("Role: " + Role.name + " --- Privileges updated");
   }
catch(ex)
   {
   //System.log(ex);
   System.log("Role: " + Role.name + " --- already exists - No Updates");
   ex = null;
   }
}
else
{
try
   {
   Target_vcenter.authorizationManager.addAuthorizationRole(Role.name , Role.privilege);
   System.log("Role: " + Role.name + " --- created with privileges");
   }
catch(ex)
   {
   Target_vcenter.authorizationManager.addAuthorizationRole(Role.name);
   System.log("Role: " + Role.name + " --- created");
   }
}
}

If the role is not existing in target vcenter every pivilege will copied correctly. If I try to update it fails.But when I read the descriptin of authorizationManager.updateAuthorizationRole for e it seems the right function to use.

Burke- · ‎03-07-2014

BTW: I wrote some Role management workflows back in 2009... I freshened up the workflows/actions and packaged them up to share with the community: vCenter Authorization Role Management workflows

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you!

Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator
for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter

View solution in original post

Burke- · ‎03-07-2014

I'm not running your code, but I just tested my old code and have the following results:

If I use the updateAuthorizationRole method to Add privileges, updates are made

If I use the updateAuthorizationRole method to Remove privileges, no updates are made

I even double-checked code syntax using ONYX and we both appear to be doing this correctly: Passing the roleID, roleName, and an array containing strings that identify the Privileges.

I have just reported a bug internally (1208881) after confirming this as a bug. Please consider opening an SR and feel free to reference the Bug ID noted here.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you!

Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator
for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter

Burke- · ‎03-07-2014

BTW: I wrote some Role management workflows back in 2009... I freshened up the workflows/actions and packaged them up to share with the community: vCenter Authorization Role Management workflows

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you!

Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator
for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter

joepower · ‎03-21-2014

Sorry for this late response. First I want to thank you for yor quick reply. I downloaded now your WF and add it t mine. But I still got error for some roles. All vCenters are on the same version but sometimes different plugins installed. But the effected roles do not have permissions regarding the plugns.