VMware Cloud Community
edkane
Contributor
Contributor
‎01-26-2012 12:06 PM
Jump to solution

PortGroup Permissions

I am looking for help from community in building a script to report permissions on Portgroups.  I have been working to work with get-vipermission, but have been having difficulties figuring out the proper formatting.

0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎01-26-2012 05:05 PM
Jump to solution

The current Get-ViPermission cmdlet doesn't seem to handle portgroups correctly.

Try something like this

$authMgr = Get-View AuthorizationManager 
$roles = @{}
$authMgr.RoleList | %{
    $roles.Add($_.RoleId,$_.Name)
}

$report = foreach($esx in Get-VMHost){
    foreach($net in (Get-View $esx.ExtensionData.Network)){
        $authMgr.RetrieveEntityPermissions($net.MoRef,$true) | 
        Select @{N="Host";E={$esx.Name}},
            @{N="Portgroup";E={$net.Name}},
            @{N="Propagate";E={$_.Propagate}},
            @{N="Permission on";E={(Get-View $_.Entity).Name}},
            Principal,@{N="Role";E={$roles[$_.RoleId]}}
    }
}

$report | Format-Table -AutoSize

The script will also list the inherited permissions.

If you only want the permission applied on the portgroups themselves replace this line

        $authMgr.RetrieveEntityPermissions($net.MoRef,$true) |

with this line

        $authMgr.RetrieveEntityPermissions($net.MoRef,$false) |


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
1 Reply
LucD
Leadership
Leadership
‎01-26-2012 05:05 PM
Jump to solution

The current Get-ViPermission cmdlet doesn't seem to handle portgroups correctly.

Try something like this

$authMgr = Get-View AuthorizationManager 
$roles = @{}
$authMgr.RoleList | %{
    $roles.Add($_.RoleId,$_.Name)
}

$report = foreach($esx in Get-VMHost){
    foreach($net in (Get-View $esx.ExtensionData.Network)){
        $authMgr.RetrieveEntityPermissions($net.MoRef,$true) | 
        Select @{N="Host";E={$esx.Name}},
            @{N="Portgroup";E={$net.Name}},
            @{N="Propagate";E={$_.Propagate}},
            @{N="Permission on";E={(Get-View $_.Entity).Name}},
            Principal,@{N="Role";E={$roles[$_.RoleId]}}
    }
}

$report | Format-Table -AutoSize

The script will also list the inherited permissions.

If you only want the permission applied on the portgroups themselves replace this line

        $authMgr.RetrieveEntityPermissions($net.MoRef,$true) |

with this line

        $authMgr.RetrieveEntityPermissions($net.MoRef,$false) |


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos