
Monday, February 15, 2016

import vCenter roles (privileges) - Powercli.

From my first article Export vcenter roles (privileges) I exported all the roles and privileges successfully now it was task to migrate Roles on another vCenter. I already had grabbed roles in files so they where completely portable, I extracted zip file of my roles in the same c:\temp folder as I was going to use it.

this is screenshot from my previous post it contains all the roles.
Here is the script. I hope I am keeping all simple.

   Imports roles into vsphere roles..   
   This script imports roles into vspheres from .role file/   
   Import-vSphereRoles -Path c:\temp  
   Import Roles to the folder.   
   NAME: Import-vSphereRoles   
   AUTHOR: Kunal Udapi   
   LASTEDIT: 15th February 2016  
   KEYWORDS: Import Roles   
   #Check Online version:    
   #Requires -Version 3.0   
  #requires -Version 3    
   [Parameter(Mandatory=$true, Position=1,   
   [string]$Path = "c:\temp"    
  ) #Param   
 Begin {  
   $roleFiles = Get-ChildItem -Path $Path -Filter *.role  
 Process {  
   foreach ($role in $roleFiles) {  
     $VIRoleName = $role.BaseName   
     $RolesContent = Get-Content -Path $role.FullName  
     New-Virole -Name $VIRoleName | Out-Null  
     Write-Host "Created Role `"$VIRoleName`"" -BackgroundColor DarkGreen  
     foreach ($Privilege in $RolesContent) {  
       if (-not($privilege -eq $null -or $privilage -eq "")) {  
         Write-Host "Setting Permissions `"$Privilege`" on Role `"$VIRoleName`"" -ForegroundColor Yellow  
         Set-VIRole -Role $VIRoleName -AddPrivilege (Get-VIPrivilege -ID $privilege) | Out-Null  
       } #if (-not($privilege -eq $null -or $privilage -eq ""))  
     } #foreach ($Privilege in $RolesContent)  
   } #foreach ($role in $roleFiles)  
Once you keep it in .ps1 and run it  (check my earlier post for Export vcenter roles (privileges) how i have collected information and running script), you will see powercli console some thing like below screenshot.
I will be sharing next script for Exporting and Importing roles permissions stay tuned. If you like this article please share knowledge. 

1 comment:

  1. Awesome script, thank you so much for sharing it out.

    One issue I found, and this is most probably due to me exporting from vCenter V6.0 and importing to vCenter V6.7, is that it seems in V6.7 the role permissions may be named differently, so when you import, you get an error as such:

    Setting Permissions "Host.Local.DeleteVM" on Role "MyCompany"
    Setting Permissions "Host.Local.RelayoutSnapshots" on Role "MyCompany"
    Get-VIPrivilege : 10/03/2021 2:48:36 PM Get-VIPrivilege VIPrivilege with id 'Host.Local.RelayoutSnapshots' was not found using the specified filter(s).
    At C:\Users\myname\Documents\Import_VIRoles.ps1:39 char:54
    + Set-VIRole -Role $VIRoleName -AddPrivilege (Get-VIPrivilege -ID $privil ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (:) [Get-VIPrivilege], VimException
    + FullyQualifiedErrorId : Core_OutputHelper_WriteNotFoundError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.GetVIPrivilege

    Set-VIRole : Cannot validate argument on parameter 'AddPrivilege'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
    At C:\Users\myname\Documents\Import_VIRoles.ps1:39 char:53
    + Set-VIRole -Role $VIRoleName -AddPrivilege (Get-VIPrivilege -ID $privil ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidData: (:) [Set-VIRole], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.SetVIRole
