VMware Cloud Community
nanoit
Contributor
Contributor

modify user role via VMware vSphere CLI 4.0.0

Hello,

I use Vmware ESXi 4.0.0. server, and I'm using "VMware-vSphere-CLI-4.0.0-253290.x86_64.tar.gz" console distributive. I have a virtual machine called "VM002" and an user called "vm002" which has "Administrator" role for this VM ("VM002"). The question is... how can I change "vm002" user role for this machine to "no-access" via vSphere CLI?

It seems that the only thing I can do is to modify user permissions for entire ESXi host, but not for a single VM:

vicfg-user --server --username --password -e user -o modify -l vm002 -r no-access

This command gives "vm002" access to a whole host, but the role is "no-access". But there must be some way to change user role within a single VM.

Thanks.

Reply
0 Kudos
5 Replies
VTsukanov
Virtuoso
Virtuoso

In order to change user role for single vm you have to use vmware perl SDK.

In attachment you can find the script which sets a role (rolename) for a user (setuser) in the single vm (vmname)

Example :

./setRoleToVM.pl --server esx --username root --password password --vmname vm002 --rolename adminrole --setuser testuser
Assign role adminrole to user testuser
Authorization Role adminrole Added To testuser Successfully.

Reply
0 Kudos
lamw
Community Manager
Community Manager

Actually vicfg-user/esxcfg-user is a vSphere SDK for Perl script within the vCLI, it's just that VMware did not provide the functionality within the script. Both set of scripts uses the vSphere API methods to update the permission on a given entity.

=========================================================================

William Lam

VMware vExpert 2009,2010

VMware scripts and resources at:

Twitter: @lamw

Getting Started with the vMA (tips/tricks)

Getting Started with the vSphere SDK for Perl

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Community

If you find this information useful, please award points for "correct" or "helpful".

Reply
0 Kudos
VTsukanov
Virtuoso
Virtuoso

Hello lamw

Yes, in the script vSphere SDK was used (SetEntityPermissions).

It really extends base functionality vCLI in the same way as your scripts do Smiley Happy

Is there any problem about it?

Reply
0 Kudos
lamw
Community Manager
Community Manager

I've not looked at the contents of your script, but I assumed it's using SetEntityPermissions method which is sounds like Smiley Happy

The vCLI definitely only provides a subset of the functionality within the vSphere API, for anything else outside of those general functionalities, you would need to extend and/or create your own script. This is really VMware's fault for not clearly explaining this in their documentation and hence we have a gap compared to say PowerCLI. I hope to continue to spread the word with vSphere SDK for Perl and how it can be leveraged to automate all parts of your vSphere infrastructure.

Thanks for sharing your script, you should consider posting your script in the Developer Forum under vSphere SDK for Perl sample code repo - http://communities.vmware.com/community/developer/codecentral/vsphere_perl

=========================================================================

William Lam

VMware vExpert 2009,2010

VMware scripts and resources at:

Twitter: @lamw

Getting Started with the vMA (tips/tricks)

Getting Started with the vSphere SDK for Perl

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Community

If you find this information useful, please award points for "correct" or "helpful".

Reply
0 Kudos
nanoit
Contributor
Contributor

Great thanks to everyone, I'll try to use your advises!

Reply
0 Kudos