Automation

 View Only
  • 1.  Question on Entity argument in new-vipermission

    Posted Nov 05, 2022 07:13 PM

    Hello. I am writing simple script to assign permissions and I cannot figure out how to reference the actual vCenter object, which we have a custom role on. I can reference all our other entities we have custom roles. For instance here is me assigning NoAccess to a special datastore folder.

    New-VIPermission -Role NoAccess -Entity (Get-Folder -Type Datastore -Name "NO-ACCESS") -Principal “xxx”

    We have custom roles on Datacenter, Storage folder, VM folder, and vCenter object. I cannot figure out to how to pass the vCenter object in the Entity variable. Thank you.

     

     



  • 2.  RE: Question on Entity argument in new-vipermission
    Best Answer

    Posted Nov 05, 2022 07:42 PM

    Try with

    $root = Get-Folder -Name 'Datacenters'


  • 3.  RE: Question on Entity argument in new-vipermission

    Posted Nov 05, 2022 09:05 PM

    EDIT: This is working. I got it with your example. Thank you very much!

    I saw that on get-vipermission when trying to see how I reference it. But this still makes no sense to me. If we look at the permissions like this:

    vcenter.xxx.   (vCenter-Role)

         Datacenter-1.  (Datacenter Role)

          Cluster-1

            Folder (Folder Role)

        DataCenter-1  (Datacenter Role)

           etc

     

    The Datacenter entity has a different Role than the role that is attached directly on the vCenter at the top. I hope I make myself clear, Thank you.



  • 4.  RE: Question on Entity argument in new-vipermission

    Posted Nov 05, 2022 11:08 PM

    That could mean there is an explicit permission for that role on the Datacenter.
    That overrides the Propagate on the vCenter, provided we are looking at the same Principal.