With PowerCLI, you can automate management of vSphere permissions, roles, and privileges.
Note: vSphere permissions determine your level of access to vCenter Server and ESXi hosts. Privileges define individual rights to perform actions and access object properties. Roles are predefined sets of privileges.
Prerequisites
Verify that you are connected to a vCenter Server system.
Procedure
- Get the privileges of the Readonly role.
$readOnlyPrivileges = Get-VIPrivilege -Role Readonly
- Create a new role with custom privileges.
$role1 = New-VIRole -Privilege $readOnlyPrivileges -Name Role1
- Add the PowerOn privileges to the new role.
$powerOnPrivileges = Get-VIPrivilege -Name "PowerOn"
$role1 = Set-VIRole -Role $role1 -AddPrivilege $powerOnPrivileges
- Create a permission and apply it to a vSphere root object.
$rootFolder = Get-Folder -NoRecursion
$permission1 = New-VIPermission -Entity $rootFolder -Principal "user" -Role readonly -Propagate $true
The Principal parameter accepts both local and domain users and groups if the vCenter Server system is joined to AD.
- Update the new permission with the custom role.
$permission1 = Set-VIPermission -Permission $permission1 -Role $role1
Results
You created a new role and assigned permissions to a user.
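
The following review script is an added example, not part of the original procedure and not VMware's own code. It checks the result for least privilege: what Role1 grants beyond Readonly, and which principals hold a propagating permission on the root folder. The helper function names and the `*PowerOn*` Id pattern are assumptions for illustration, and the script needs the connected session from the prerequisites.

```powershell
# Added example: least-privilege review of the role and permission created above.
# Assumption: an active vCenter Server connection, as in the prerequisites.

function Get-RolePrivilegeDelta {
    # Returns privileges present in -Candidate but not in -Baseline, matched by Id.
    param(
        [Parameter(Mandatory)] [object[]] $Baseline,
        [Parameter(Mandatory)] [object[]] $Candidate
    )
    $baselineIds = @($Baseline | ForEach-Object { $_.Id })
    $Candidate | Where-Object { $baselineIds -notcontains $_.Id } | Sort-Object Id
}

function Get-PropagatingPermission {
    # Returns the permissions that are inherited by every child object.
    param([Parameter(Mandatory)] [object[]] $Permission)
    $Permission | Where-Object { $_.Propagate } |
        Select-Object Principal, Role, IsGroup, Propagate
}

$baseline  = Get-VIPrivilege -Role Readonly
$candidate = Get-VIPrivilege -Role Role1

# 1. What does Role1 grant beyond Readonly? Only the PowerOn privileges are expected.
$delta = @(Get-RolePrivilegeDelta -Baseline $baseline -Candidate $candidate)
$delta | Format-Table Id, Name -AutoSize

# 2. Who holds a propagating permission at the inventory root?
$rootFolder = Get-Folder -NoRecursion
$rootPerms  = @(Get-VIPermission -Entity $rootFolder)
if ($rootPerms.Count -gt 0) {
    Get-PropagatingPermission -Permission $rootPerms | Format-Table -AutoSize
}

# 3. Warn if Role1 picked up anything other than power-on rights.
#    Assumption: the added privilege Ids contain "PowerOn".
$unexpected = @($delta | Where-Object { $_.Id -notlike '*PowerOn*' })
if ($unexpected.Count -gt 0) {
    Write-Warning ("Role1 has unexpected privileges: " + ($unexpected.Id -join ', '))
}
```

A propagating permission on the root folder applies to the whole inventory, so the output of step 2 is the list to review before assigning a role with more than read-only rights.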