VMware Cloud Community
toffaha1
Enthusiast
Enthusiast
‎07-27-2022 08:12 AM
Jump to solution

unable to add these Privileges to vCenter role

Hi all,

I am trying to add vCenter privileges to a role via PowerCLI as the following but not sure why it keeps throwing errors.

 

System.View
System.Read
Global.LogEvent
Global.Licenses
Global.DisableMethods
Global.EnableMethods
Folder.Create
Folder.Delete
Datastore.Rename
Datastore.Move
Datastore.Delete
Datastore.Browse
Datastore.DeleteFile
Datastore.FileManagement
Datastore.AllocateSpace
Datastore.Config
Datastore.UpdateVirtualMachineFiles
Datastore.UpdateVirtualMachineMetadata
Network.Assign
DVSwitch.Create
DVSwitch.Delete
DVPortgroup.Create
DVPortgroup.Modify
Host.Config.Storage
Host.Local.DeleteVM
VirtualMachine.Inventory.Create
VirtualMachine.Inventory.Register
VirtualMachine.Inventory.Delete
VirtualMachine.Inventory.Unregister
VirtualMachine.Interact.PowerOn
VirtualMachine.Interact.PowerOff
VirtualMachine.Interact.GuestOperatingSystemManagementByVIXAPI
VirtualMachine.GuestOperations.Query
VirtualMachine.GuestOperations.Modify
VirtualMachine.GuestOperations.Execute
VirtualMachine.Config.AddExistingDisk
VirtualMachine.Config.AddNewDisk
VirtualMachine.Config.RemoveDisk
VirtualMachine.Config.RawDevice
VirtualMachine.Config.HostUSBDevice
VirtualMachine.Config.AdvancedConfig
VirtualMachine.Config.SwapPlacement
VirtualMachine.Config.ChangeTracking
VirtualMachine.State.CreateSnapshot
VirtualMachine.State.RevertToSnapshot
VirtualMachine.State.RemoveSnapshot
VirtualMachine.Provisioning.DiskRandomRead
VirtualMachine.Provisioning.GetVmFiles
Resource.AssignVMToPool
Resource.HotMigrate
Resource.ColdMigrate
VApp.AssignVM
VApp.AssignResourcePool
VApp.Unregister

 

errors

Get-VIPrivilege : 7/27/2022 3:10:32 PM Get-VIPrivilege VIPrivilege with id 'VApp.AssignResourcePool ' was not found using the specified filter(s).
At line:1 char:38
+ ... -Privilege (Get-VIPrivilege -Server $viserver -id $cvRoleIds) -Serve ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-VIPrivilege], VimException
+ FullyQualifiedErrorId : Core_OutputHelper_WriteNotFoundError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.GetVIPrivilege

Get-VIPrivilege : 7/27/2022 3:10:32 PM Get-VIPrivilege VIPrivilege with id 'VApp.Unregister ' was not found using the specified filter(s).
At line:1 char:38
+ ... -Privilege (Get-VIPrivilege -Server $viserver -id $cvRoleIds) -Serve ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-VIPrivilege], VimException
+ FullyQualifiedErrorId : Core_OutputHelper_WriteNotFoundError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.GetVIPrivilege

Best Regards,
Muhammad Toffaha
Technical Consultant
0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎07-27-2022 09:20 AM
Jump to solution

Looks like you have a space (blank) after VApp.AssignResourcePool and VApp.Unregister.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
6 Replies
LucD
Leadership
Leadership
‎07-27-2022 09:20 AM
Jump to solution

Looks like you have a space (blank) after VApp.AssignResourcePool and VApp.Unregister.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
toffaha1
Enthusiast
Enthusiast
‎07-28-2022 04:51 AM
Jump to solution

Thanks @LucD , you're the best 🙂 

can you please tell me the correct filter for =>VirtualMachine.Interact.GuestOperatingSystemManagementByVIXAPI, as I can't find it with get filter 

 

Get-VIPrivilege : 7/28/2022 11:48:34 AM Get-VIPrivilege VIPrivilege with id 'VirtualMachine.Interact.GuestOperatingSystemManagementByVIXAPI' was not found using the specified filter(s).

 

 

Best Regards,
Muhammad Toffaha
Technical Consultant
0 Kudos
LucD
Leadership
Leadership
‎07-28-2022 05:27 AM
Jump to solution

To be honest I have never heard of that privilege.
Where did you see it?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
toffaha1
Enthusiast
Enthusiast
‎07-28-2022 05:54 AM
Jump to solution

I can see it listed here but I think the filter is written in a wrong way

 

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-3D47149A-947D-460... 

Best Regards,
Muhammad Toffaha
Technical Consultant
0 Kudos
LucD
Leadership
Leadership
‎07-28-2022 06:46 AM
Jump to solution

Not sure which filter you mean?
If I list the privileges via the API (not via Get-VIPrivilege) that one doesn't seem to appear.

$si = Get-View ServiceInstance
$authMgr = Get-View -Id $si.Content.AuthorizationManager

$authMgr.PrivilegeList | where{$_.PrivId -match 'VirtualMachine.Interact'}


Afaik, the VIX API was terminated in favor of the GuestOperations.
I'm not sure why it would still be listed in documentation for vSphere 7


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

toffaha1
Enthusiast
Enthusiast
‎08-01-2022 03:55 PM
Jump to solution

Thanks 🙂

may be it's removed as you mentioned.

Best Regards,
Muhammad Toffaha
Technical Consultant
0 Kudos