Create a vSphere Role and Assign Permissions to a User

With PowerCLI, you can automate management of vSphere permissions, roles, and privileges.

Note: vSphere permissions determine your level of access to vCenter Server, and ESXi hosts. Privileges define individual rights to perform actions and access object properties. Roles are predefined sets of privileges.

Prerequisites

Verify that you are connected to a vCenter Server system.

Procedure

  1. Get the privileges of the Readonly role.
    $readOnlyPrivileges = Get-VIPrivilege -Role Readonly
  2. Create a new role with custom privileges.
    $role1 = New-VIRole -Privilege $readOnlyPrivileges -Name Role1
  3. Add the PowerOn privileges to the new role.
    $powerOnPrivileges = Get-VIPrivilege -Name "PowerOn"
    $role1 = Set-VIRoleRole $role1 –AddPrivilege $powerOnPrivileges
  4. Create a permission and apply it to a vSphere root object.
    $rootFolder = Get-Folder -NoRecursion
    $permission1 = New-VIPermission -Entity $rootFolder -Principal "user" -Role readonly -Propagate
    The Principal parameter accepts both local and domain users and groups if the vCenter Server system is joined in AD.
  5. Update the new permission with the custom role.
    $permission1 = Set-VIPermission -Permission $permission1 -Role $role1

Results

You created a new role and assigned permissions to a user.