MY FIRST PUBLISHED CODE – CREATE ROLES AND PRIVILEGES USING POWERCLI

This is the first script I have ever published, as in EVER! Feel free to comment.

The script creates a role with one of two privilege sets, set 1 or set 2. These are two different permission sets, with set 2 being a little more enhanced.

This is what this bit of code does: it takes a predefined list of privileges for the role and defines it in the $privs1 array.

Once you have all you need, pass the parameters and call the script as .\scriptname.ps1 -vcenter vcentername -roleset number

Here the number can be 1 or 2, with 2 granting more privileges to the role. There is not much error checking, but this is it for now; more in the future. :)

param([string]$vcenter, [string]$roleset)
# Both parameters are required, so stop if either one is missing.
if((-not($vcenter)) -or (-not($roleset))){Throw "You must supply vcenter followed by the roleset you want to execute upon. Please input the roleset id as applicable. Valid Rolesets are 1 or 2"}
 
Add-PSSnapin VMware.* -erroraction silentlycontinue
 
$privs1 = @("Acknowledge Alarm","Create Alarm","Disable Alarm Action", "Modify Alarm", "Remove Alarm", "Set Alarm Status", "Create Datacenter", "Move Datacenter", "Remove Datacenter", "Rename Datacenter", "Allocate Space", "Configure Datastore", "Create Folder", "Delete Folder" , "Rename Folder", "Cancel Task", "Assign Network", "Modify Intervals", "Assign Virtual Machine to Resource Pool", "Create Resource Pool", "Migrate", "Modify Resource Pool", "Move Resource Pool", "Remove Resource Pool", "Rename Resource Pool", "View", "Add Virtual Machine", "Assign Resource pool", "Assign vApp", "Clone", "Export", "Import", "Move", "Rename", "Suspend", "Unregister", "vApp Application Configuration", "vApp Instance Configuration", "vApp Resource Configuration", "View OVF Environment", "Add Existing Disk", "Add New Disk", "Add or remove device", "Advanced", "Change CPU Count", "Change Resource", "Configure Managedby", "Display Connection Settings", "Extend Virtual Disk", "Host USB Device", "Memory", "Modify Device Settings", "Query Fault Tolerance Compatibility", "Query Unowned Files", "Raw device", "Reload from path", "Remove disk", "Rename", "Set Annotation", "Settings", "Swapfile placement", "Upgrade virtual Machine compatibility", "Guest Operation Modifications", "Guest Operation Program Execution", "Guest Operation queries", "Create from existing", "Create new", "Move", "Register", "Remove", "Unregister", "Create Snapshot","Remove Snapshot", "Rename Snapshot", "Revert to Snapshot", "Answer Question", "Configure CD Media", "Configure Floppy media", "Console interaction", "Create Screenshot", "Defragment all disks", "Device connection", "Disable fault tolerance", "Enable Fault Tolerance", "Record session on Virtual machine", "Replay session on virtual machine", "Reset", "Suspend", "test Failover", "Test restart secondary VM", "Turn off Fault Tolerance", "Turn On Fault tolerance", "VMware tools install", "Guest operation program execution", "Guest operation queries", "Allow disk access", "Allow read-only disk access", "Clone template", "Clone virtual machine", "Create template from virtual machine", "Customize", "Deploy template" , "Mark as Template", "Mark as virtual machine", "Modify customization specification", "Promote disks", "Read customization specifications")
 
$Privs2 = $Privs1 + "Create", "Delete", "Power OFF", "Power ON"
 
# Connect quietly, then create the role only if it does not already exist.
Connect-VIServer -Server $vcenter > $Null
if(!(Get-VIRole -Name "Customer Privileges" -ErrorAction 'SilentlyContinue'))
{
    if($roleset -eq "1")
    {
        New-VIRole -Name "Customer Privileges" -Privilege $Privs1
        Write-Host "Role created with set 1 privileges"
    }
    if($roleset -eq "2")
    {
        # Set 2 must use $Privs2, which adds Create, Delete, Power OFF and Power ON.
        New-VIRole -Name "Customer Privileges" -Privilege $Privs2
        Write-Host "Role created with set 2 privileges"
    }
}
else
{
    Write-Host "Role already exists"
}
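
The $privs1 list names "Rename", "Move", "Suspend" and "Unregister" twice each, and vSphere uses the same display name in more than one privilege group, so a name alone does not say which privilege the role receives. The check below is an added example, not part of the original script: Resolve-PrivilegeName is a hypothetical helper, and the catalog is a constructed sample shaped like Get-VIPrivilege output (Id and Name).

```powershell
# Added example (not the original script). Resolve-PrivilegeName is a hypothetical helper.
# It classifies each requested display name as Resolved, Ambiguous or Unknown
# against a privilege catalog, so a role is only built from pinned privilege IDs.
function Resolve-PrivilegeName {
    param(
        [Parameter(Mandatory)][string[]]$Name,
        [Parameter(Mandatory)][object[]]$Catalog   # objects exposing Id and Name
    )
    # Sort-Object -Unique is case-insensitive, so "Guest Operation queries"
    # and "Guest operation queries" collapse to one entry.
    foreach ($n in ($Name | Sort-Object -Unique)) {
        $hits = @($Catalog | Where-Object { $_.Name -eq $n })   # -eq ignores case
        $status = switch ($hits.Count) {
            0       { 'Unknown' }
            1       { 'Resolved' }
            default { 'Ambiguous' }
        }
        [pscustomobject]@{
            Name   = $n
            Status = $status
            Ids    = @($hits | ForEach-Object { $_.Id })
        }
    }
}

# Constructed sample catalog. Against a connected vCenter it would come from:
#   $catalog = Get-VIPrivilege -PrivilegeItem
$catalog = @(
    [pscustomobject]@{ Id = 'VirtualMachine.Inventory.Move';   Name = 'Move' }
    [pscustomobject]@{ Id = 'VApp.Move';                       Name = 'Move' }
    [pscustomobject]@{ Id = 'VirtualMachine.Interact.Suspend'; Name = 'Suspend' }
    [pscustomobject]@{ Id = 'VApp.Suspend';                    Name = 'Suspend' }
    [pscustomobject]@{ Id = 'Alarm.Create';                    Name = 'Create alarm' }
)

$wanted = 'Move', 'Suspend', 'Create Alarm', 'Power ON'
$report = Resolve-PrivilegeName -Name $wanted -Catalog $catalog
$report | Format-Table -AutoSize

# Refuse to build the role until every name maps to exactly one privilege ID.
$bad = @($report | Where-Object { $_.Status -ne 'Resolved' })
if ($bad.Count -gt 0) {
    Write-Warning ("Not creating role; unresolved names: " + ($bad.Name -join ', '))
} else {
    $ids = $report | ForEach-Object { $_.Ids }
    # With a live connection: New-VIRole -Name "Customer Privileges" -Privilege (Get-VIPrivilege -Id $ids)
}
```

With the sample data, "Move" and "Suspend" come back Ambiguous and "Power ON" Unknown, so the role is not created until those entries are replaced with explicit privilege IDs.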

 
