Found this old script which still did the trick:
https://www.thelowercasew.com/migrating-roles-privileges-from-an-old-vcenter-to-a-new-vcenter-using-powercli
#################################################
#
# PowerCLI Script to Transfer Roles between vCenters
# Written by BLiebowitz on 11/6/2015
#
#################################################
# Variables
$VC1="sourcevc1.lebrine.com"
$VC2="destinationvc1.lebrine.com"
# Connect to both source and destination vCenters
Connect-VIServer -Server $VC1, $VC2
# Get roles to transfer
$roles = Get-VIRole -Server $VC1
# Get role privileges
foreach ($role in $roles) {
    [string[]]$privsforRoleAfromVC1 = Get-VIPrivilege -Role (Get-VIRole -Name $role -Server $VC1) | ForEach-Object {$_.Id}
    # Create new role in VC2
    New-VIRole -Name $role -Server $VC2
    # Add privileges to new role
    Set-VIRole -Role (Get-VIRole -Name $role -Server $VC2) -AddPrivilege (Get-VIPrivilege -Id $privsforRoleAfromVC1 -Server $VC2)
}
Original Message:
Sent: Apr 08, 2025 11:13 AM
From: dbutch1976
Subject: Create new custom roles with defined privileges
Hi all,
I found a handy little command from LucD to get a list of roles with their privileges:
$CUSTROLES = Get-VIRole | Where-Object {$_.Name -match "MYROLE" -or $_.Name -match "CUSTOM"}
foreach ($role in $CUSTROLES) {
    # One row per privilege, labelled with the role it belongs to
    Get-VIPrivilege -Role $role |
        Select @{N="Role";E={$role.Name}},@{N="Privilege Name";E={$_.Name}},@{N="Privilege ID";E={$_.ID}}
}
Now that I have this list of roles, I would like to recreate these roles with their privileges on a new destination vCenter.
I know how to create an individual role, for example:
New-VIRole -name RO+DSBrowse -Privilege "Browse datastore" -Server $viserver
How do I recreate the roles and privileges I captured in step #1?
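An added example, not code from either poster or from the linked article: it copies only the custom roles matched by the question's name filter, then reads each role back from the destination and reports privileges that could not be applied or that the destination role holds beyond the source. The server names and the `$pattern` value are placeholders; it assumes PowerCLI is loaded and that the account may create roles on the destination.

```powershell
# Assumed values: server FQDNs and the role-name pattern are placeholders.
$srcName = 'source-vc.example.com'
$dstName = 'destination-vc.example.com'
$pattern = 'MYROLE|CUSTOM'   # same names the question filters on with -match

$src = Connect-VIServer -Server $srcName
$dst = Connect-VIServer -Server $dstName

# Privilege IDs known to the destination; they can differ between vCenter versions.
$dstPrivIds = Get-VIPrivilege -PrivilegeItem -Server $dst | ForEach-Object { $_.Id }

# Custom roles only: built-in (system) roles already exist on the destination.
$roles = Get-VIRole -Server $src |
    Where-Object { -not $_.IsSystem -and $_.Name -match $pattern }

$report = foreach ($role in $roles) {
    $wanted  = @(Get-VIPrivilege -Role $role -Server $src | ForEach-Object { $_.Id })
    $missing = @($wanted | Where-Object { $_ -notin $dstPrivIds })
    $usable  = @($wanted | Where-Object { $_ -in $dstPrivIds })

    # Create the role if absent, otherwise reuse it so the script can be re-run.
    $target = Get-VIRole -Name $role.Name -Server $dst -ErrorAction SilentlyContinue
    if (-not $target) { $target = New-VIRole -Name $role.Name -Server $dst }

    if ($usable.Count -gt 0) {
        $privs = Get-VIPrivilege -Id $usable -Server $dst
        Set-VIRole -Role $target -AddPrivilege $privs | Out-Null
    }

    # Read the role back and compare against the source privilege set.
    $check  = Get-VIRole -Name $role.Name -Server $dst
    $actual = @(Get-VIPrivilege -Role $check -Server $dst | ForEach-Object { $_.Id })
    $extra  = @($actual | Where-Object { $_ -notin $wanted })

    [pscustomobject]@{
        Role                 = $role.Name
        SourcePrivileges     = $wanted.Count
        DestPrivileges       = $actual.Count
        MissingOnDestination = $missing -join ', '   # not applied: unknown ID
        ExtraOnDestination   = $extra -join ', '     # role is broader than source
    }
}

$report | Format-Table -AutoSize -Wrap
Disconnect-VIServer -Server $src, $dst -Confirm:$false
```

A non-empty `ExtraOnDestination` column means a role of that name already existed on the destination with privileges the source role does not have; the script reports this and leaves the role as it is.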