  • 1.  Script to Audit Permissions. in Vcenter

    Posted May 06, 2014 08:15 PM

    I need to audit the vCenter to see what user accounts have access to VMs/Folders/Datastores, etc.

    I'm not a script guy, and my searches seem to be coming up short.

    I'm hoping someone who knows more about PowerCLI can point me in the right direction.

    All I need to see is the user account and the type of permissions/access that user account has.

    Any help would be great.

    Thanks in advance.

    (If this has been answered somewhere already, I apologize for reposting the question.)



  • 2.  RE: Script to Audit Permissions. in Vcenter

    Posted May 06, 2014 08:22 PM

    This will give you all permissions on all folders (including the hidden ones).

    Get-Folder | Get-VIPermission |
        Where {$_.EntityId -match "Folder"} |
        Select Entity,Principal,Role



  • 3.  RE: Script to Audit Permissions. in Vcenter

    Posted Sep 16, 2016 01:49 PM

    Hello Luc,

    Is there a way to check who gave permissions on the VC or assigned roles/permissions?

    This is for auditing purposes.

    I have VC for 4.1/5.1/6.0.

    Any hints?

    Regards,

    Amol



  • 4.  RE: Script to Audit Permissions. in Vcenter

    Posted Sep 16, 2016 01:58 PM

    Try like this

    Get-VIEvent -Start (Get-Date).AddDays(-1) -MaxSamples ([int]::MaxValue) |
        where{$_ -is [VMware.Vim.PermissionAddedEvent]} |
        Select CreatedTime,UserName,Principal,@{N='Entity';E={$_.Entity.Name}},@{N='Role';E={$_.Role.Name}}



  • 5.  RE: Script to Audit Permissions. in Vcenter

    Posted Sep 16, 2016 02:15 PM

    Hello Luc,

    Thanks for the quick reply, and yes, it's working.

    Thanks for the always quick help and guidance.

    But if the event is not there, then I cannot get it; I was looking for old auditing records.

    I got the recent ones.



  • 6.  RE: Script to Audit Permissions. in Vcenter

    Posted Sep 16, 2016 03:36 PM

    You can adapt the value on the Start parameter; in my sample code it only looks back 1 day.

    Or you can leave out the Start parameter altogether; then it will look at all the events in the DB.
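
Added example, not part of the thread or any poster's code: the query in post 2 is limited to folders, while the original question also asks about VMs and datastores. This function summarises any `Get-VIPermission` output by object type and flags the entries to review first; the function name, the flag names, the `Admin` role default and the sample rows are assumptions constructed for illustration.

```powershell
function Get-PermissionAudit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Permission,
        # Assumption: role names treated as high privilege; adjust to your environment
        [string[]] $HighPrivilegeRole = @('Admin')
    )
    process {
        # EntityId looks like "Folder-group-d1" or "VirtualMachine-vm-42"; keep the type prefix
        $type  = ($Permission.EntityId -split '-', 2)[0]
        $flags = @()
        if ($Permission.Role -in $HighPrivilegeRole) { $flags += 'HighPrivilegeRole' }
        # Rights granted to a single account instead of a managed group
        if (-not $Permission.IsGroup)                { $flags += 'DirectUserGrant' }
        # A propagating grant on a container also applies to everything beneath it
        if ($Permission.Propagate -and $type -in 'Folder', 'Datacenter') {
            $flags += 'PropagatesToChildren'
        }
        [pscustomobject]@{
            Principal  = $Permission.Principal
            Role       = $Permission.Role
            EntityType = $type
            Entity     = "$($Permission.Entity)"
            Propagate  = $Permission.Propagate
            Flags      = $flags -join ','
        }
    }
}

# Constructed sample rows shaped like Get-VIPermission output, so this runs without a vCenter
$sample = @(
    [pscustomobject]@{ Entity = 'Datacenters'; EntityId = 'Folder-group-d1'
                       Principal = 'LAB\vc-admins'; Role = 'Admin'; IsGroup = $true; Propagate = $true }
    [pscustomobject]@{ Entity = 'app01'; EntityId = 'VirtualMachine-vm-42'
                       Principal = 'LAB\jdoe'; Role = 'Admin'; IsGroup = $false; Propagate = $false }
    [pscustomobject]@{ Entity = 'ds-prod-01'; EntityId = 'Datastore-datastore-10'
                       Principal = 'LAB\backup-ops'; Role = 'ReadOnly'; IsGroup = $true; Propagate = $false }
)
$sample | Get-PermissionAudit | Sort-Object Principal | Format-Table -AutoSize

# Against a live connection (after Connect-VIServer) the unfiltered call covers every object type:
# Get-VIPermission | Get-PermissionAudit | Export-Csv .\vc-permissions.csv -NoTypeInformation
```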