Hello,
I use Vmware ESXi 4.0.0. server, and I'm using "VMware-vSphere-CLI-4.0.0-253290.x86_64.tar.gz" console distributive. I have a virtual machine called "VM002" and an user called "vm002" which has "Administrator" role for this VM ("VM002"). The question is... how can I change "vm002" user role for this machine to "no-access" via vSphere CLI?
It seems that the only thing I can do is to modify user permissions for entire ESXi host, but not for a single VM:
vicfg-user --server --username --password -e user -o modify -l vm002 -r no-access
This command gives "vm002" access to a whole host, but the role is "no-access". But there must be some way to change user role within a single VM.
Thanks.
In order to change user role for single vm you have to use vmware perl SDK.
In attachment you can find the script which sets a role (rolename) for a user (setuser) in the single vm (vmname)
Example :
./setRoleToVM.pl --server esx --username root --password password --vmname vm002 --rolename adminrole --setuser testuser Assign role adminrole to user testuser Authorization Role adminrole Added To testuser Successfully.
Actually vicfg-user/esxcfg-user is a vSphere SDK for Perl script within the vCLI, it's just that VMware did not provide the functionality within the script. Both set of scripts uses the vSphere API methods to update the permission on a given entity.
=========================================================================
William Lam
VMware vExpert 2009,2010
VMware scripts and resources at:
Getting Started with the vMA (tips/tricks)
Getting Started with the vSphere SDK for Perl
VMware Code Central - Scripts/Sample code for Developers and Administrators
If you find this information useful, please award points for "correct" or "helpful".
Hello lamw
Yes, in the script vSphere SDK was used (SetEntityPermissions).
It really extends base functionality vCLI in the same way as your scripts do
Is there any problem about it?
I've not looked at the contents of your script, but I assumed it's using SetEntityPermissions method which is sounds like
The vCLI definitely only provides a subset of the functionality within the vSphere API, for anything else outside of those general functionalities, you would need to extend and/or create your own script. This is really VMware's fault for not clearly explaining this in their documentation and hence we have a gap compared to say PowerCLI. I hope to continue to spread the word with vSphere SDK for Perl and how it can be leveraged to automate all parts of your vSphere infrastructure.
Thanks for sharing your script, you should consider posting your script in the Developer Forum under vSphere SDK for Perl sample code repo - http://communities.vmware.com/community/developer/codecentral/vsphere_perl
=========================================================================
William Lam
VMware vExpert 2009,2010
VMware scripts and resources at:
Getting Started with the vMA (tips/tricks)
Getting Started with the vSphere SDK for Perl
VMware Code Central - Scripts/Sample code for Developers and Administrators
If you find this information useful, please award points for "correct" or "helpful".
Great thanks to everyone, I'll try to use your advises!