Author Topic: powershell script to list permissions set up within your vmware environment  (Read 7128 times)
esarakaitis
Administrator
Sr. Member
Posts: 256
« on: February 26, 2009, 02:46:27 PM »

vmwarescripting.com guru ewannema and I put this together today

Code:
    $si = Get-View ServiceInstance
    $am = Get-View $si.Content.AuthorizationManager

    $roleList = $am.RoleList

    # Create the role map
    $roleMap = @{}
    # Add the roles to the map
    foreach ($role in $roleList)
    {
        $roleMap[$role.RoleId] = $role
    }

    $permissions = $am.RetrieveAllPermissions()
    # Foreach permission
    foreach ($permission in $permissions)
    {
        $roleName = $roleMap[$permission.RoleId].Name
        $entityView = Get-View $permission.Entity
        $permission | Select-Object @{Name="Principal"; Expression={$permission.Principal}},
                                    @{Name="RoleName"; Expression={$roleName}},
                                    @{Name="Object"; Expression={Get-Path $entityView}}
    }

    Function Get-Path($entity){
        $path = $entity.Name
        while($entity.Parent -ne $null){
            $entity = Get-View -Id $entity.Parent
            if($entity.Name -ne "vm" -and $entity.Name -ne "host"){
                $path = $entity.Name + "\" + $path
            }
        }
        $path
    }

stevemurfy
Newbie
Posts: 5
« Reply #1 on: March 24, 2009, 11:09:47 AM »

Hello,

I am a total noob, so be gentle. :)

When running the script, I get the following error..

Select-Object : The term 'Get-Path' is not recognized as a cmdlet, function, operable program, or script file. Verify the term and try again.

What have I missed?

Thanks for any help,

-Murf

esarakaitis
« Reply #2 on: March 24, 2009, 12:08:41 PM »

are you copying and pasting correctly? because get-path is being defined as a function here:
Code:
Function Get-Path($entity){
    $path = $entity.Name
    while($entity.Parent -ne $null){
        $entity = Get-View -Id $entity.Parent
        if($entity.Name -ne "vm" -and $entity.Name -ne "host"){
            $path = $entity.Name + "\" + $path
        }
    }
    $path
}

stevemurfy
« Reply #3 on: March 24, 2009, 01:42:03 PM »

I did try copying it again, but no luck.

I should have posted the full error.

Select-Object : The term 'Get-Path' is not recognized as a cmdlet, function, op
erable program, or script file. Verify the term and try again.
At C:\users\user\documents\PowerShellScripts\VcenterPermissions.ps1:20 cha
r:36
+         $permission | Select-Object <<<<  @{Name="Principal"; Expression={$pe
rmission.Principal}},
    + CategoryInfo          : InvalidResult: (VMware.Vim.Permission:PSObject)
   [Select-Object], CommandNotFoundException
    + FullyQualifiedErrorId : PropertyEvaluationNoExpand,Microsoft.PowerShell.
   Commands.SelectObjectCommand

esarakaitis
« Reply #4 on: March 24, 2009, 02:27:12 PM »

i cannot duplicate the error, i attached the PS1 file

what version of powershell, what version of toolkit?

* list_permissions.ps1 (1.02 KB - downloaded 566 times.)

ewannema
Administrator
Newbie
Posts: 33
« Reply #5 on: March 24, 2009, 04:06:18 PM »

Hello Steve,

This is just a difference in the way we are running things.  To run this as a self-contained script you have to put the function definition first.  You are currently getting the error because PowerShell does not know about Get-Path until after it tries to use it in the Select-Object.

If you find the Get-Path function useful in general practice you can add it to your PowerShell profile script and it will always be there.  That is probably why esarakaitis is not having any issues.

Code:
Function Get-Path($entity){
    $path = $entity.Name
    while($entity.Parent -ne $null){
        $entity = Get-View -Id $entity.Parent
        if($entity.Name -ne "vm" -and $entity.Name -ne "host"){
            $path = $entity.Name + "\" + $path
        }
    }
    $path
}

$si = Get-View ServiceInstance
$am = Get-View $si.Content.AuthorizationManager

$roleList = $am.RoleList

# Create the role map
$roleMap = @{}
# Add the roles to the map
foreach ($role in $roleList)
{
    $roleMap[$role.RoleId] = $role
}

$permissions = $am.RetrieveAllPermissions()
# Foreach permission
foreach ($permission in $permissions)
{
    $roleName = $roleMap[$permission.RoleId].Name
    $entityView = Get-View $permission.Entity
    $permission | Select-Object @{Name="Principal"; Expression={$permission.Principal}},
                                @{Name="RoleName"; Expression={$roleName}},
                                @{Name="Object"; Expression={Get-Path $entityView}}
}

stevemurfy
« Reply #6 on: March 25, 2009, 08:45:03 AM »

That was it!!!
I knew it had to be something simple that I was missing.

Thanks to both of you for taking the time to help me on this.

-Steve

stevemurfy
« Reply #7 on: March 25, 2009, 10:00:37 AM »

Sorry to be a pain, but could you tell me the most efficient way to send the output to a txt file or csv?

Thanks again

esarakaitis
« Reply #8 on: March 25, 2009, 12:44:12 PM »

export-csv
Code:
get-help export-csv

ewannema
« Reply #9 on: March 25, 2009, 03:29:08 PM »

.\ScriptName.ps1 | Export-Csv exportFile.csv

The Export-Csv function takes multiple input objects and writes them to the output file.  This highlights the difference between a script that outputs objects, as this one does, vs. a script that writes text to the screen.  Objects are much more flexible and fit with the PowerShell paradigm. 

As esarakaitis mentioned, Get-Help will be beneficial to fine-tune your output.

You did not ask for it, but ConvertTo-Html can be handy for a quick, slightly prettier, output.
Logged
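
Added example, not part of the original thread and not the posters' code: because the script emits objects with Principal, RoleName and Object properties, two CSV exports taken at different times can be compared to find permission drift. The sample rows, the function name Compare-PermissionExport and the choice of 'Admin' as the privileged role name are assumptions made for illustration.

```powershell
# Added example: diff two permission exports produced by the script above.
# Sample rows are constructed; principals, roles and paths are hypothetical.
# In practice, load real exports with Import-Csv instead of the here-strings.
$baselineCsv = @'
"Principal","RoleName","Object"
"CORP\vi-admins","Admin","Datacenters"
"CORP\helpdesk","ReadOnly","Datacenters\DC1"
"CORP\backup-svc","BackupOperator","Datacenters\DC1\Prod"
'@
$currentCsv = @'
"Principal","RoleName","Object"
"CORP\vi-admins","Admin","Datacenters"
"CORP\helpdesk","Admin","Datacenters\DC1"
"CORP\backup-svc","BackupOperator","Datacenters\DC1\Prod"
"CORP\jdoe","Admin","Datacenters\DC1\Prod\db01"
'@

function Compare-PermissionExport {
    param(
        [Parameter(Mandatory)] [object[]] $Baseline,
        [Parameter(Mandatory)] [object[]] $Current,
        # Assumption: role names treated as high privilege; adjust to your roles.
        [string[]] $PrivilegedRoles = @('Admin')
    )
    # A grant is identified by who, which role, and where it is applied.
    $keys = 'Principal', 'RoleName', 'Object'
    Compare-Object -ReferenceObject $Baseline -DifferenceObject $Current -Property $keys |
        ForEach-Object {
            [pscustomobject]@{
                # '=>' means the row exists only in the current export.
                Change     = if ($_.SideIndicator -eq '=>') { 'Added' } else { 'Removed' }
                Principal  = $_.Principal
                RoleName   = $_.RoleName
                Object     = $_.Object
                Privileged = $PrivilegedRoles -contains $_.RoleName
            }
        } |
        # Privileged changes first so they are reviewed first.
        Sort-Object @{ Expression = 'Privileged'; Descending = $true }, Principal, Change
}

$baseline = $baselineCsv | ConvertFrom-Csv
$current  = $currentCsv  | ConvertFrom-Csv
Compare-PermissionExport -Baseline $baseline -Current $current | Format-Table -AutoSize
```

A role change on the same object shows up as one Removed row and one Added row for that principal.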
stevemurfy
« Reply #10 on: March 25, 2009, 03:31:29 PM »

Perfect!  Thanks again guys.

beav01
Newbie
Posts: 1
« Reply #11 on: November 04, 2010, 07:56:23 PM »


This script is very helpful and is a good way of exporting the permissions.  I think that Stevemurfy had a good idea as well of exporting the results as a CSV file.

What I was wondering was if anyone had a good method of taking the CSV file and then importing them to apply the permissions?  This would be a good way of creating new datacenters with the appropriate permissions or doing testing in an offline lab.

Thanks!
