Automation

 View Only
  • 1.  Minimum permissions to run Get-ApplianceBackupJob in PowerCLI

    Posted Nov 25, 2022 07:47 AM

    How to find out, what are the minimum permissions to run Get-ApplianceBackupJob?

    It works for us ONLY for account which is part of the vSphere "Administrators" default group.

    There are no predefined groups in vCenters related to these new CmdLets which are able to manage VCSA appliance by login to vSphere domain, without the need to access the VCSA:5480.

    And VMware documentation related to permissions vs these kind of special cmdlets is so poor, that one is on his own to do some reverse engineering. The CmdLet has no Verbose parameter.

    For account NOT in the local vSphere "Administrators" group, all you get as an error is:

    Get-ApplianceBackupJob : 11/25/2022 8:45:00 AM Get-ApplianceBackupJob One or more errors occurred.
    At line:1 char:1
    + Get-ApplianceBackupJob
    + ~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Get-ApplianceBackupJob], VimException
    + FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.Appliance.Back
    up.GetApplianceBackupJob

     



  • 2.  RE: Minimum permissions to run Get-ApplianceBackupJob in PowerCLI
    Best Answer

    Posted Nov 25, 2022 09:55 AM

    Afaik, a user that wants to interact with the Appliance needs to be in the Administrators group under Single Sign On - Users and Groups.

    There are unfortunately no specific privilege requirements listed under the List Backup Job method in the REST API Reference (which is the actual method this cmdlet uses under the covers).



  • 3.  RE: Minimum permissions to run Get-ApplianceBackupJob in PowerCLI

    Posted Jul 13, 2023 01:31 PM

    Hi  

    How did you end up proceeding with this? I believe that I am trying to achieve the same thing that you were, which is to monitor the VCSA backup status.

    Did you give the user that is connecting with PowerCLI admin permissions?

     

    Thanks



  • 4.  RE: Minimum permissions to run Get-ApplianceBackupJob in PowerCLI

    Posted Jul 13, 2023 01:47 PM

    "....Did you give the user that is connecting with PowerCLI admin permissions?"  interesting question. No comment.

    One very weak workaround is to check on the backup files itself. That gives you some time frame, size, etc., so some idea.



  • 5.  RE: Minimum permissions to run Get-ApplianceBackupJob in PowerCLI

    Posted Jul 13, 2023 02:14 PM

    I am not sure what you mean by "No comment". I was simply asking if this is what you ended up doing. I would rather not have to do that.

    As for the workaround, I also thought of that option but that would be a last resort scenario. I would prefer to use the tools that are built in VCSA but if there's no way to use them without giving admin permissions, I may not go that route.

    Thank you for the reply.



  • 6.  RE: Minimum permissions to run Get-ApplianceBackupJob in PowerCLI

    Posted Jul 17, 2023 08:13 AM

    I believe admins should be very caution about what they share regarding their "internal environment configuration", especially when it comes to permissions. One thing is to have technical discussion about technical solutions and possibilities and something else is writing in public "how we have it done in our company", where to what we have granted full admin access, etc.