PowerCLI


vCenter Roles and Permissions Export and Import (2021)

  • 1.  vCenter Roles and Permissions Export and Import (2021)

    Posted Sep 30, 2021 07:55 AM

    Hello LucD,

    I'm new to this and I'm stuck with importing vCenter roles and permissions; there is an error. I will share whatever code I have with me; I need some help on this. We have created two output types: CSV for human-readable output and XML for importing on vCenter. Kindly help with the importing script part. I did try your import script but there is some error (posted at the end of this thread).

    This is the role and permission export script:

    #vCenter Role & Permission export#

    Write-Host "`tExporting Permissions and Roles for vCenter.."


    $vCenterHost = Read-Host "Enter vCenter Name:"

    try {

    #Establishing connection to vCenter
    Connect-VIServer -Server $vCenterHost

    #Permissions
    $Permission = Get-VIPermission | Select-Object @{N='vCenter';E={$_.Uid.Split('@:')[1]}},
    Principal,Role,propagate,
    @{n='Entity';E={$_.Entity.Name}},
    @{N='Entity Type';E={$_.EntityId.Split('-')[0]}}

    #Export to CSV
    $Permission | Export-Csv -Path "C:\Temp\$vCenterHost-Permission.csv"

    #Export to XML
    $PermissionXML = Get-VIPermission
    $PermissionXML | Export-Clixml -Path "C:\Temp\$vCenterHost-Permission.xml"


    #Roles
    $Role = Get-VIRole | Select-Object @{N='vCenter';E={$_.Uid.Split('@:')[1]}},
    Name,
    @{N='PrivilegeList';E={[string]::Join([char]10,$_.PrivilegeList)}}


    #Export to CSV
    $Role | Export-Csv -Path "C:\Temp\$vCenterHost-Roles.csv"

    #Export to XML
    $RoleXML = Get-VIRole
    $RoleXML | Export-Clixml -Path "C:\Temp\$vCenterHost-Roles.xml"

    Write-Verbose "`tRole & Permission Data Exported Successfully from $vCenterHost" -Verbose

    Write-Verbose "Disconnecting from $vCenterHost" -Verbose
    Disconnect-VIServer -Server $vCenterHost -Confirm:$false

    }

    catch {

    Write-Verbose "`tError Encountered! Error:$_" -Verbose
    $ErrorObject = New-Object -TypeName PSObject -Property @{
    vCenterName = $vCenterHost
    Error = $_

    }

    }

     

    Import script error output:

    New-VIPermission : Cannot process argument transformation on parameter 'Principal'. This parameter no longer accepts
    an array. As an alternative you may pass multiple values by pipeline (if supported by the parameter).
    At D:\Script\Import of role and permission of vcenter (1).ps1:12 char:18
    + New-Vipermission $Permission
    + ~~~~~~~~~~~
    + CategoryInfo : InvalidData: (:) [New-VIPermission], ParameterBindingArgumentTransformationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.Permis
    sionManagement.NewVIPermission

     

    Import Script which I'm referring to:

    Import-excel -Path $reportName -WorksheetName Permissions -PipelineVariable row |
    Foreach-Object -process {
    $Permission = @{
    Entity = Get-Inventory -Name $row.Entity
    Role = Get-VIRole -name $row.Role
    #Principal = $row.Principal
    Propagate = $row.Propagate
    Confirm = $false }

    New-VIPermission $Permission
    }



  • 2.  RE: vCenter Roles and Permissions Export and Import (2021)

    Posted Sep 30, 2021 08:16 AM

    I'm not sure why you are importing from an XLSX file, while you exported to a CSV.

    When I just tested, the following seems to work for me

    $reportName = 'C:\Temp\<Your-CVSA-name>-Permission.csv'
    
    Import-Csv -Path $reportName -PipelineVariable row |
    ForEach-Object -Process {
      $Permission = @{
        Entity = Get-Inventory -Name $row.Entity
        Role = Get-VIRole -Name $row.Role
        Principal = $row.Principal
        Propagate = [System.Convert]::ToBoolean($row.Propagate)  # a [Boolean] cast turns the text 'False' into $true
        Confirm = $false
        WhatIf = $true
      }
    
      New-VIPermission @Permission
    }


  • 3.  RE: vCenter Roles and Permissions Export and Import (2021)

    Posted Sep 30, 2021 08:56 AM

    Hello LucD,

    Thank you for the response. Just to confirm, will this script also import roles as well, or just permissions only?

    Looking forward to hearing from you.

    Thanks.



  • 4.  RE: vCenter Roles and Permissions Export and Import (2021)

    Posted Sep 30, 2021 09:58 AM

    The permissions only.
    To import the roles is similar, just the other CSV



  • 5.  RE: vCenter Roles and Permissions Export and Import (2021)

    Posted Sep 30, 2021 10:42 AM

    Should the import script for the vCenter 'Role' be something like this? Please let me know. Thank you.

    $reportName = 'C:\Temp\<Your-CVSA-name>-Role.csv'

    Import-Csv -Path $reportName -PipelineVariable row |
    ForEach-Object -Process {
    $Role = @{
    Name = $row.Name
    Privilage = $row.PrivilegeList
    Server = $row.vCenter
    Confirm = $false
    WhatIf = $true
    }

    New-VIRole
    }



  • 6.  RE: vCenter Roles and Permissions Export and Import (2021)

    Posted Sep 30, 2021 10:59 AM

    You have to get the actual privileges with the Get-VIPrivilege cmdlet.
    Something like this

    $reportName = 'C:\Temp\<Your-VCSA-name>-Roles.csv'
    
    Import-Csv -Path $reportName -PipelineVariable row |
    ForEach-Object -Process {
      $Role = @{
        Name = $row.Name
        Privilege = $row.PrivilegeList.Split("`n") | ForEach-Object { Get-VIPrivilege -Id $_ }
        Server = $row.vCenter
        Confirm = $false
        WhatIf = $true
      }
    
      New-VIRole @Role
    }

    Once you are sure the script works, remove the WhatIf line (same for the previous script).



  • 7.  RE: vCenter Roles and Permissions Export and Import (2021)

    Posted Sep 30, 2021 11:14 AM

    Thank you LucD

    What would be the order to run the import scripts?
    Should it be the Roles first and Permissions second? Or is there no such order when putting both the role and permission import scripts into one script? Please advise.

    Appreciate your help on this one

    Thank you again.



  • 8.  RE: vCenter Roles and Permissions Export and Import (2021)

    Posted Sep 30, 2021 11:20 AM

    If you use custom Roles in the permissions, you should import the Roles first



  • 9.  RE: vCenter Roles and Permissions Export and Import (2021)

    Posted Nov 04, 2022 01:01 PM

    Hi LucD,

    Can we export/import roles and permissions from one vCenter to another, if both are connected to the same identity source (AD)?



  • 10.  RE: vCenter Roles and Permissions Export and Import (2021)

    Posted Nov 04, 2022 01:17 PM

    For the Roles the Identity Source doesn't play a part.
    So yes, you can easily export-import those.
    Of course only the custom roles, not the system roles.

    For the permissions have a look at Solved: Re: need help with scripting export of datacenter ... - VMware Technology Network VMTN
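
Added example, not part of the original thread: a role import that leaves system roles and already-present roles untouched, and refuses to create a role when any exported privilege id does not resolve on the target. It assumes an existing Connect-VIServer session to the target vCenter and the Roles CSV written by the export script in post 1.

```powershell
# Added example: import only roles that do not yet exist on the target vCenter.
# Assumes a Connect-VIServer session is already open.
$reportName = 'C:\Temp\<Your-VCSA-name>-Roles.csv'   # placeholder path, as in the thread

foreach ($row in Import-Csv -Path $reportName) {
    $existing = Get-VIRole -Name $row.Name -ErrorAction SilentlyContinue
    if ($existing) {
        # System roles and roles that are already present are never overwritten
        $kind = if (@($existing)[0].IsSystem) { 'system' } else { 'existing' }
        Write-Warning "Skipping $kind role '$($row.Name)'"
        continue
    }

    # PrivilegeList was joined with a line feed ([char]10) by the export script
    $ids = $row.PrivilegeList.Split("`n") | Where-Object { $_ }
    $missing = @()
    $privileges = foreach ($id in $ids) {
        $p = Get-VIPrivilege -Id $id -ErrorAction SilentlyContinue
        if ($p) { $p } else { $missing += $id }
    }
    if ($missing) {
        # A partially resolved list would create a role that differs from the source
        Write-Warning "Role '$($row.Name)' not created, unknown privilege ids: $($missing -join ', ')"
        continue
    }

    $Role = @{
        Name    = $row.Name
        Confirm = $false
        WhatIf  = $true   # remove once the reported actions look right
    }
    if ($privileges) { $Role.Privilege = $privileges }
    New-VIRole @Role
}
```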



  • 11.  RE: vCenter Roles and Permissions Export and Import (2021)

    Posted Jan 11, 2023 10:03 AM

    Hi LucD,

    I am getting the following error when running the below code against a newly deployed vCenter (vSphere 7). I have multiple Datacenter objects in the VC. Please advise.

    $reportName = 'C:\Temp\<Your-CVSA-name>-Permission.csv'
    
    Import-Csv -Path $reportName -PipelineVariable row |
    ForEach-Object -Process {
      $Permission = @{
        Entity = Get-Inventory -Name $row.Entity
        Role = Get-VIRole -Name $row.Role
        Principal = $row.Principal
        Propagate = [System.Convert]::ToBoolean($row.Propagate)  # a [Boolean] cast turns the text 'False' into $true
        Confirm = $false
        WhatIf = $true
      }
    
      New-VIPermission @Permission
    }

    New-VIPermission : Cannot process argument transformation on parameter 'Entity'. This parameter no longer accepts an
    array. As an alternative you may pass multiple values by pipeline (if supported by the parameter).
    At E:\cn\test-perm.ps1:14 char:20
    +   New-VIPermission @Permission
    +                    ~~~~~~~~~~~
        + CategoryInfo          : InvalidData: (:) [New-VIPermission], ParameterBindingArgumentTransformationException
        + FullyQualifiedErrorId : ParameterArgumentTransformationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.Permis
       sionManagement.NewVIPermission

     



  • 12.  RE: vCenter Roles and Permissions Export and Import (2021)

    Posted Jan 11, 2023 10:22 AM

    That seems to indicate that

    Get-Inventory -Name $row.Entity

    returns more than 1 object for entries in your CSV
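
Added example, not part of the original thread: a permission import that checks each CSV row before calling New-VIPermission, so a name that matches several inventory objects is reported and skipped instead of being passed on. It assumes an existing Connect-VIServer session and the Permission CSV from the export script in post 1, including its 'Entity Type' column.

```powershell
# Added example: validate every row of the exported Permission CSV before applying it.
# Assumes a Connect-VIServer session is already open.
$reportName = 'C:\Temp\<Your-VCSA-name>-Permission.csv'   # placeholder path, as in the thread

foreach ($row in Import-Csv -Path $reportName) {
    $label = "'$($row.Principal)' on '$($row.Entity)'"

    # Match on the name AND on the exported 'Entity Type' (the prefix of the object's Id)
    $entity = @(Get-Inventory -Name $row.Entity -ErrorAction SilentlyContinue |
        Where-Object { $_.Id.Split('-')[0] -eq $row.'Entity Type' })
    if ($entity.Count -ne 1) {
        # Zero matches: the object is missing. Several: the name alone is ambiguous.
        Write-Warning "Skipped $label : $($entity.Count) matching objects"
        continue
    }

    $role = @(Get-VIRole -Name $row.Role -ErrorAction SilentlyContinue)
    if ($role.Count -ne 1) {
        Write-Warning "Skipped $label : role '$($row.Role)' matched $($role.Count) roles"
        continue
    }

    $Permission = @{
        Entity    = $entity[0]
        Role      = $role[0]
        Principal = $row.Principal
        # The CSV holds the text 'True' or 'False'; parse it instead of casting
        Propagate = [System.Convert]::ToBoolean($row.Propagate)
        Confirm   = $false
        WhatIf    = $true   # remove once the reported actions look right
    }
    New-VIPermission @Permission
}
```

Rows that remain ambiguous after the type filter need a more specific key than the name, which the exported CSV does not contain.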