PowerCLI

  • 1.  Get all objects that a user has permissions to

    Posted Jul 02, 2018 02:41 PM

    I'm looking at creating a script to list all objects that a specific user account has access to; this can be any role.

    I can't find anything in the PowerCLI documentation that will help here. Does anyone have any pointers?



  • 2.  RE: Get all objects that a user has permissions to

    Posted Jul 03, 2018 04:32 AM

    Try like this, but note that this only lists the entities with an explicit permission, not the entities where the user has a propagated permission.

    $user = 'domain\user'

    Get-VIPermission -Principal $user | select Entity,Propagate



  • 3.  RE: Get all objects that a user has permissions to

    Posted Jul 03, 2018 07:34 AM

    Thanks - Propagation is actually what I'm looking for.

    I can't see a way to do this, but if there is a way to check if a user account has permissions to a specific object, I can just loop through all objects that I'm interested in if that's a quick way to solve it?



  • 4.  RE: Get all objects that a user has permissions to
    Best Answer

    Posted Jul 03, 2018 07:47 AM

    You can do something like this.

    In $entity store the object for which you want to query the permissions.

    The output shows where the permission comes from.

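    # Get the AuthorizationManager through the ServiceInstance
    $si = Get-View ServiceInstance
    $authMgr = Get-View -Id $si.Content.AuthorizationManager

    # $true = also return permissions inherited from parent objects
    $inherited = $true
    $entity = Get-VM -Name MyVM

    # PermissionFrom is the object on which the permission is actually defined
    $authMgr.RetrieveEntityPermissions($entity.ExtensionData.MoRef,$inherited) |
    Select Principal,Group,Propagate,
       @{N='Role';E={(Get-VIRole -Id $_.RoleId).Name}},
       @{N='PermissionFrom';E={(Get-View -Id $_.Entity -Property Name).Name}}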
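
The loop suggested in post 3, built on the RetrieveEntityPermissions call from post 4, as an added example that is not part of the original thread: it reports every piped-in object on which the given principals hold a permission, direct or inherited. The function name Get-EffectivePermission and the output property names are hypothetical, a connected Connect-VIServer session is assumed, and group-granted permissions are matched only if the group names are passed in -Principal as well.

```powershell
# Added example, not from the thread. Assumes an existing Connect-VIServer session.
function Get-EffectivePermission {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Entity,                 # inventory objects, e.g. from Get-VM or Get-Inventory
        [Parameter(Mandatory)]
        [string[]]$Principal     # the account, plus any groups it is a member of
    )
    begin {
        $si      = Get-View ServiceInstance
        $authMgr = Get-View -Id $si.Content.AuthorizationManager

        # Cache role id -> name once instead of calling Get-VIRole per permission
        $roles = @{}
        Get-VIRole | ForEach-Object { $roles[[string]$_.Id] = $_.Name }

        # Cache names of the objects where permissions are defined
        $names = @{}
    }
    process {
        $moRef = $Entity.ExtensionData.MoRef
        # $true = include permissions propagated down from parent objects
        foreach ($p in $authMgr.RetrieveEntityPermissions($moRef, $true)) {
            # -notcontains is case-insensitive, so 'DOMAIN\User' matches 'domain\user'
            if ($Principal -notcontains $p.Principal) { continue }

            $key = "$($p.Entity.Type)-$($p.Entity.Value)"
            if (-not $names.ContainsKey($key)) {
                $names[$key] = (Get-View -Id $p.Entity -Property Name).Name
            }

            [pscustomobject]@{
                Entity         = $Entity.Name
                Principal      = $p.Principal
                IsGroup        = $p.Group
                Role           = $roles[[string]$p.RoleId]
                Propagate      = $p.Propagate
                PermissionFrom = $names[$key]
                # True when the permission is defined on a parent, not on the object itself
                Inherited      = ($key -ne "$($moRef.Type)-$($moRef.Value)")
            }
        }
    }
}

# Example call: every VM the account can reach, and where each permission comes from
Get-VM | Get-EffectivePermission -Principal 'domain\user' |
    Sort-Object Entity | Format-Table -AutoSize
```

Objects that produce no output rows are ones where none of the listed principals has a permission, which makes the result usable as an access review list.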



  • 5.  RE: Get all objects that a user has permissions to

    Posted Jul 03, 2018 11:00 AM

    Thanks, that's great, I need to format the output differently but this is a great help.