Script: Create New Role in vCenter Using PowerShell or Powercli and Create New Permission and Role whilst adding a user to global permissions – VirtuallyThatGuy

Posted on by VirtuallyThatGuy

Further more, I have also included a more comprehensive version for creating a new role in vcenter , new permission and adding a new user using powershell off my last post. This post is about Creating New Role in vCenter Using PowerShell or Powercli and Create New Permission and Role whilst adding a user to global permissions

#
# PowerCLI script to create Lab Role which includes required permissions
# and assign Lab Service Account to Role
# Usage Create_Lab_Role.ps1 -vCenter vCenterFQDNorIP -Username ServiceAccountName -Domain AuthenticationDomain
 
# Get Commandline Parameters - All are required - Make all Mandatory so 
param(
 [Parameter(Mandatory=$true)][string]$vCenter,
 [Parameter(Mandatory=$true)][string]$Username,
 [Parameter(Mandatory=$true)][string]$Domain
)
 
clear-host
 
$usage = "Create_Lab_Role.ps1 -vCenter vCenterFQDNorIP -Username LabServiceAccountName -Domain AuthenticationDomain"
$example = 'Create_Lab_Role.ps1 -vCenter "vcenter.acme.local" -Username svtuser -Domain acme'
 
Write-Host "PowerCLI script to create Lab Role which includes required privileges and assigns the Lab Service Account to Role" -ForeGroundColor Cyan 
 
if ( !$vCenter -or !$Username -or !$Domain ) {
  write-host `n `n"Missing Required Parameter - vCenter, Username, and Domain are required." `n -ForeGroundColor Red
  write-host "Usage: $usage" `n
  write-host "Example: $example" `n
  exit
}
  
$vCenterFQDN = $vCenter
 
# Lab Service Account User
#The Lab User account is a non-login, privileged, vCenter Server account that you specify during deployment. OmniCube uses this account to execute privileged tasks. 
$Lab_User = "$Domain\$Username"
 
# Lab Role Name
$Lab_Role = "Lab"
 
#Privileges to assign to role
#See the Lab OmniCube Administrators Guide for Required Permissions
$Lab_Privileges = @(
'Alarm.Create',
'Alarm.DisableActions',
'Alarm.Edit',
'Alarm.SetStatus',
'Alarm.Delete',
'Extension.Register',
'Extension.Update',
'Extension.Unregister',
'Global.Health',
'Global.LogEvent',
'Global.ManageCustomFields',
'Global.SetCustomField',
'Global.Diagnostics',
'Host.Cim.CimInteraction',
'Task.Create',
'Task.Update',
'VApp.AssignVApp',
'VApp.Unregister',
'VApp.ApplicationConfig',
'VirtualMachine.Config.ManagedBy',
'VirtualMachine.Config.Settings',
'VirtualMachine.State.RemoveSnapshot',
'VirtualMachine.State.CreateSnapshot')
 
Write-Host "Connecting to vCenter at $vCenterFQDN"`n -ForeGroundColor Cyan
Connect-VIServer $vCenterFQDN | Out-Null
 
Write-Host "Create New $Lab_Role Role"`n -ForeGroundColor Cyan 
New-VIRole -Name $Lab_Role -Privilege (Get-VIPrivilege -id $Lab_Privileges) | Out-Null
 
Write-Host "Set Permissions for $Lab_User using the new $Lab_Role Role"`n -ForeGroundColor Cyan
#Get the Root Folder
$rootFolder = Get-Folder -NoRecursion
#Create the Permission
New-VIPermission -Entity $rootFolder -Principal $Lab_User -Role "Lab" -Propagate:$true | Out-Null
 
#Disconnect from the vCenter Server
Write-Host "Disconnecting from vCenter at $vCenterFQDN"`n -ForeGroundColor Cyan
Disconnect-VIServer $vCenterFQDN -Confirm:$false
 
#End

Leave a Reply

Your email address will not be published. Required fields are marked *