5 Replies Latest reply on Apr 8, 2012 8:57 PM by bretthacker

    Script to export vCenter Roles / Permissions

    Dave.Mac Enthusiast

      I'm trying to find a script that will capture our vSphere vCenter Roles and Permissions hierarchy. I thought I'd found the ideal thing at:

       

      http://www.virtu-al.net/2009/06/15/vsphere-permissions-export-import-part-1

       

      But I'm having real problems getting this working. I'm getting the same form of errors as other users on that site.

       

      The script runs okay, but I get continual errors along the lines of:

       

      "You cannot call a method on a null-valued expression.

      At C:\tmp\ExportRoles.ps1:85 char:22

      $node.AppendChild( <<<< $tmp)"

       

      "You cannot call a method on a null-valued expression.

      At C:\tmp\ExportRoles.ps1:85 char:23

      $node.SetAttribute( <<<< $name, $value)"

       

      "You cannot call a method on a null-valued expression.

      At C:\tmp\ExportRoles.ps1:85 char:44

      $tmp = $global:vInventory.CreateElement( <<<< $nodeName)"

       

      That loops for a while then I get errors like:

       

      "Exception calling "AppendChild" with "1" argument(s): "Object reference not set to an instance of an object."

      At C:\tmp\ExportRoles.ps1:81 char:22

      $node.AppendChild( <<<< $tmp)

       

      When carrying out the fix as mentioned by one of the users about changing the 'global' part, I get the same errors but with a new one thrown in:

       

      "Exception calling "CreateElement" with "1" argument(s): "The local name for elements or attributes cannot be null or an empty string."

      At C:\tmp\ExportRoles.ps1:80 char:37

      $tmp = $vInventory.CreateElement( <<<< $nodeName)

       

      The script is creating the xml file populated with the descriptors, it's just not populating it with any of my roles or permissions. I have removed most of the stock roles and created new roles from scratch.

       

      I'm using vCenter 4.0U1 build 208111 and the PowerCLI 4.0.1-208462.

       

      Any ideas? Or can people point me somewhere else for a script that'll capture this. I especially like the fact it's been pumped out to XML as my intention is to use this as part of the automated build process for our environment. I'm fairly green to PowerShell, I copied that script verbatim so if there's something noddy I should be doing please shout. I'm assuming it's not enumerating the values from the AuthorizationManager, but I don't know where to insert a 'Write-Host' step to output the value to a screen to check where it's falling over so again any help with this would be appreciated.

       

      Cheers folks.

        • 1. Re: Script to export vCenter Roles / Permissions
          LucD Guru
          vExpert, Community Warriors, User Moderators

          That is one of my old scripts that apparently had some problems in PowerShell v2.

          Attached a new version.

          Can you check if it works for you?


          ____________

          Blog: LucD notes

          Twitter: lucd22

          • 2. Re: Script to export vCenter Roles / Permissions
            Dave.Mac Enthusiast

             

            You Sir, are what's commonly known in the business as a 'Star'.

             

             

             

             

             

            Thanks for taking the time to look at this and thanks for writing such a great script.

             

             

            • 3. Re: Script to export vCenter Roles / Permissions
              Ben7 Lurker

              Do you happen to have an updated copy of the import script too?  This updated export script worked like a champ but the import script is giving me errors. 

               

              Thanks,

               

              - Ben

               

              ---------------------------------------------------------------------

               

              Index operation failed; the array index evaluated to null.
              At C:\VM_permissions_import.ps1:33 char:11
              + $roleHash[ <<<< $_.Name] = $_.RoleId
                  + CategoryInfo          : InvalidOperation: (System.Collections.Hashtable:
                 Hashtable) [], RuntimeException
                  + FullyQualifiedErrorId : NullArrayIndex
              Method invocation failed because [System.String] doesn't contain a method named
              'Load'.
              At C:\VM_permissions_import.ps1:38 char:17
              + $vInventory.Load <<<< ($XMLfile)
                  + CategoryInfo          : InvalidOperation: (Load:String) [], RuntimeExcep
                 tion
                  + FullyQualifiedErrorId : MethodNotFound
              Cannot convert value "Inventory/Roles/Role" to type "System.Xml.XmlDocument". E
              rror: "Data at the root level is invalid. Line 1, position 1."
              At C:\VM_permissions_import.ps1:40 char:20
              + $XpathRoles = [xml] <<<< "Inventory/Roles/Role"
                  + CategoryInfo          : NotSpecified: (:) [], RuntimeException
                  + FullyQualifiedErrorId : RuntimeException
              Cannot convert value "Inventory/Permissions/Permission" to type "System.Xml.Xml
              Document". Error: "Data at the root level is invalid. Line 1, position 1."
              At C:\VM_permissions_import.ps1:41 char:26
              + $XpathPermissions = [xml] <<<< "Inventory/Permissions/Permission"
                  + CategoryInfo          : NotSpecified: (:) [], RuntimeException
                  + FullyQualifiedErrorId : RuntimeException
              Method invocation failed because [System.String] doesn't contain a method named
              'SelectNodes'.
              At C:\VM_permissions_import.ps1:43 char:24
              + $vInventory.SelectNodes <<<< ($XpathRoles) | % {
                  + CategoryInfo          : InvalidOperation: (SelectNodes:String) [], Runti
                 meException
                  + FullyQualifiedErrorId : MethodNotFound
              Method invocation failed because [System.String] doesn't contain a method named
              'SelectNodes'.
              At C:\VM_permissions_import.ps1:53 char:24
              + $vInventory.SelectNodes <<<< ($XpathPermissions) | % {
                  + CategoryInfo          : InvalidOperation: (SelectNodes:String) [], Runti
                 meException
                  + FullyQualifiedErrorId : MethodNotFound
              • 4. Re: Script to export vCenter Roles / Permissions
                Matt.B Enthusiast

                Thanks again Luc!  The export works perfect.  I added a check to the Get-Roles function to leave out the sample roles.

                 

                foreach($role in $authMgr.roleList){
                    # Leave out the sample roles
                    if ($role.name -notmatch "sample"){
                        $ret = New-Object PSObject
                        $ret | Add-Member -Type noteproperty -Name "Name" -Value $role.name
                        $ret | Add-Member -Type noteproperty -Name "Label" -Value $role.info.label
                        $ret | Add-Member -Type noteproperty -Name "Summary" -Value $role.info.summary
                        $ret | Add-Member -Type noteproperty -Name "RoleId" -Value $role.roleId
                        $ret | Add-Member -Type noteproperty -Name "System" -Value $role.system
                        $ret | Add-Member -Type noteproperty -Name "Privilege" -Value $role.privilege
                        $report += $ret
                    }
                }

                • 5. Re: Script to export vCenter Roles / Permissions
                  bretthacker Lurker

                  Old thread but wasn't finding anything else out there on it.

                   

                  Tried this script against a stand-alone ESXi 5 host, had to make this change:

                   

                      $authMgr = Get-View (Get-View ServiceInstance).Content.AuthorizationManager

                   

                  Replace the line in Get-Roles (ln 4) and Get-Permissions (ln 27).

                   

                  Also noticed that it didn't like saving to the root of my C drive on W7, altered the save line to c:\temp.

                   

                  Thanks for a nice script!
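
An added example, not part of the thread and not LucD's attached script: a compact export of roles and permissions from the AuthorizationManager to XML, combining the ServiceInstance lookup and the sample-role filter mentioned in the replies. It assumes PowerCLI is loaded and Connect-VIServer has already been run; the output path and the attribute names are assumptions, and only the Inventory/Roles/Role and Inventory/Permissions/Permission layout is taken from the XPath strings quoted above.

```powershell
# Added example. Assumes an existing Connect-VIServer session.
$outFile = 'C:\temp\vInventory.xml'   # assumed path: a writable folder, not the root of C:

# Going through ServiceInstance resolves on vCenter and on a stand-alone ESXi host
$si      = Get-View ServiceInstance
$authMgr = Get-View $si.Content.AuthorizationManager
if (-not $authMgr) { throw 'AuthorizationManager view is null; check the connection.' }

$doc   = New-Object System.Xml.XmlDocument
$root  = $doc.AppendChild($doc.CreateElement('Inventory'))
$roles = $root.AppendChild($doc.CreateElement('Roles'))
$perms = $root.AppendChild($doc.CreateElement('Permissions'))

$roleName = @{}   # RoleId -> Name, so permissions are exported by role name
foreach ($role in $authMgr.RoleList) {
    $roleName[$role.RoleId] = $role.Name
    if ($role.Name -match 'sample') { continue }   # leave out the sample roles
    $r = $roles.AppendChild($doc.CreateElement('Role'))
    $r.SetAttribute('Name',    [string]$role.Name)
    $r.SetAttribute('Label',   [string]$role.Info.Label)
    $r.SetAttribute('Summary', [string]$role.Info.Summary)
    $r.SetAttribute('System',  [string]$role.System)
    foreach ($priv in $role.Privilege) {
        $p = $r.AppendChild($doc.CreateElement('Privilege'))
        $p.SetAttribute('Name', [string]$priv)
    }
}

foreach ($perm in $authMgr.RetrieveAllPermissions()) {
    $e = $perms.AppendChild($doc.CreateElement('Permission'))
    $e.SetAttribute('EntityType',  [string]$perm.Entity.Type)
    $e.SetAttribute('EntityValue', [string]$perm.Entity.Value)
    $e.SetAttribute('Principal',   [string]$perm.Principal)
    $e.SetAttribute('Group',       [string]$perm.Group)
    $e.SetAttribute('Role',        [string]$roleName[$perm.RoleId])
    $e.SetAttribute('Propagate',   [string]$perm.Propagate)
}

$doc.Save($outFile)

# Read the file back as an XmlDocument and count nodes, to confirm it is populated
$check = New-Object System.Xml.XmlDocument
$check.Load($outFile)
Write-Host ('Roles: {0}  Permissions: {1}' -f `
    $check.SelectNodes('Inventory/Roles/Role').Count,
    $check.SelectNodes('Inventory/Permissions/Permission').Count)
```

A count of zero for both node sets means the export ran without enumerating anything, which is the symptom described in the opening post.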