next »

[sigmanumk92]

I saw on here the script which will get user permissions from virtual center.  I am a noob to scripting and i would like to be able to use that script to get the permissions per vm.  Is there a way to do that?

[esarakaitis]

i guess what are you asking?

Code:

get-vipermission

along with the script that you posted, will list all assigned permissions and what level they have been assigned at.

what else do you want?

[sigmanumk92]

Thanks!

I ran the get-vipermission but i wanna be able to get the actual name of the folder, like admin, it.  It just shows under the EntityID somthing like this, shows folder-group-d1.  Is there a way to map that to the actual name of the folder?

EntityId             Role

--------             ----
Datacenter-datace... GAI Power User
Datacenter-datace... ReadOnly
Datacenter-datace... GAI VM ConsoleOnly Use...
Datacenter-datace... GAI VM ConsoleOnly Use...
Datacenter-datace... GAI VM ConsoleOnly Use...
Datacenter-datace... GAI VM ConsoleOnly Use...
Datacenter-datace... ReadOnly
Datacenter-datace... GAI Administrators
Datacenter-datace... GAI VM ConsoleOnly Use...
Datacenter-datace... GAI Storage Admins
Datacenter-datace... GAI Read-only
Datacenter-datace... GAI VM ConsoleOnly Use...
Datacenter-datace... GAI VM ConsoleOnly Use...
Datacenter-datace... GAI VM ConsoleOnly Use...
Datacenter-datace... GAI Storage Admins
Datacenter-datace... GAI Power User
Datacenter-datace... GAI Power User
ClusterComputeRes... GAI Administrators
Folder-group-d1      GAI Power User
Folder-group-d1      GAI Power User
Folder-group-d1      GAI Power User
Folder-group-d1      GAI Power User
Folder-group-d1      GAI Power User
Folder-group-d1      GAI Power User
Folder-group-d1      GAI Power User
Folder-group-d1      GAI Power User
Folder-group-d1      GAI Power User
Folder-group-d1      GAI Power User

[esarakaitis]

yep, using this:

Code:

Function Get-Path($entity){
$path = $entity.Name
while($entity.Parent -ne $null){
$entity = Get-View -Id $entity.Parent
if($entity.Name -ne "vm" -and $entity.Name -ne "host"){
$path = $entity.Name + "\" + $path
}
}
$path
}

$si = Get-View ServiceInstance
    $am = Get-View $si.Content.AuthorizationManager

    $roleList = $am.RoleList

    # Create the role map
    $roleMap = @{}
    # Add the roles to the map
    foreach ($role in $roleList)
    {
        $roleMap[$role.RoleId] = $role
    }

    $permissions = $am.RetrieveAllPermissions()
    # Foreach permission
    foreach ($permission in $permissions)
    {
        $roleName = $roleMap[$permission.RoleId].Name
        $entityView = Get-View $permission.Entity
        $permission | Select-Object @{Name="Principal"; Expression={$permission.Principal}},
                                    @{Name="RoleName"; Expression={$roleName}},
                                    @{Name="Object"; Expression={Get-Path $entityView}}
    }

[sigmanumk92]

That worked, your a genius.   

[sigmanumk92]

Ok one more question....is there a way to list all the vms under each folder.

[esarakaitis]

Code:

foreach ($folder in get-folder)
    {
    foreach ($vmachine in $folder | get-vm)
        {
    "" | select @{Name = "Folder"; Expression = {$folder.name}}, @{Name = "VM"; Expression = {$vmachine.name}}
        }
    }

[esarakaitis]

^^ did that code work for you?

[sigmanumk92]

yep that worked!  i just got a chance to try it out.