Furthermore, building on my last post, I have also included a more comprehensive version for creating a new role in vCenter, creating a new permission, and adding a new user using PowerShell. This post is about creating a new role in vCenter using PowerShell or PowerCLI, and creating a new permission and role whilst adding a user to global permissions.
#
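# PowerCLI script to create the Lab role with its required privileges
# and assign the Lab service account to that role.
#
# Usage:   Create_Lab_Role.ps1 -vCenter vCenterFQDNorIP -Username LabServiceAccountName -Domain AuthenticationDomain
# Example: Create_Lab_Role.ps1 -vCenter "vcenter.acme.local" -Username svtuser -Domain acme
#
# All three parameters are required. Mandatory [string] parameters already
# reject missing and empty values, so no separate "missing parameter" check
# is needed after binding.
#
# Security notes for whoever runs this:
#   * The permission is created on the inventory root folder with propagation
#     enabled, so the role applies to every object below it in this vCenter.
#     This is a vCenter-level permission on the root folder; it is not the
#     same thing as an SSO "Global Permission" that spans linked vCenters.
#   * The privilege list includes Extension.Register/Update/Unregister and
#     Host.Cim.CimInteraction, which are high-impact. Keep the list limited to
#     what the vendor guide requires and use a dedicated service account.
#   * Connect-VIServer is called without credentials, so it relies on the
#     current session or an interactive prompt. Do not hard-code passwords here.
param(
    [Parameter(Mandatory=$true)][string]$vCenter,
    [Parameter(Mandatory=$true)][string]$Username,
    [Parameter(Mandatory=$true)][string]$Domain
)

# Make every cmdlet failure terminating so the script never continues with a
# half-applied change (for example, assigning a permission after the role
# creation failed).
$ErrorActionPreference = 'Stop'

Clear-Host
Write-Host "PowerCLI script to create Lab Role which includes required privileges and assigns the Lab Service Account to Role" -ForeGroundColor Cyan

$vCenterFQDN = $vCenter

# Lab Service Account User
# The Lab User account is a non-login, privileged, vCenter Server account that
# you specify during deployment. OmniCube uses this account to execute
# privileged tasks.
$Lab_User = "$Domain\$Username"

# Lab Role Name
$Lab_Role = "Lab"

# Privileges to assign to the role.
# See the Lab OmniCube Administrators Guide for Required Permissions.
$Lab_Privileges = @(
    'Alarm.Create',
    'Alarm.DisableActions',
    'Alarm.Edit',
    'Alarm.SetStatus',
    'Alarm.Delete',
    'Extension.Register',
    'Extension.Update',
    'Extension.Unregister',
    'Global.Health',
    'Global.LogEvent',
    'Global.ManageCustomFields',
    'Global.SetCustomField',
    'Global.Diagnostics',
    'Host.Cim.CimInteraction',
    'Task.Create',
    'Task.Update',
    'VApp.AssignVApp',
    'VApp.Unregister',
    'VApp.ApplicationConfig',
    'VirtualMachine.Config.ManagedBy',
    'VirtualMachine.Config.Settings',
    'VirtualMachine.State.RemoveSnapshot',
    'VirtualMachine.State.CreateSnapshot'
)

Write-Host "Connecting to vCenter at $vCenterFQDN`n" -ForeGroundColor Cyan
# Keep the connection object and pass it to every cmdlet below. Without an
# explicit -Server, a failed connect could leave the role and permission
# changes running against whatever vCenter an earlier session left connected.
$viServer = Connect-VIServer -Server $vCenterFQDN

try {
    # New-VIRole fails when the name is taken. Reuse an existing role, but say
    # so loudly: its privileges may differ from the list above and should be
    # reviewed before the service account relies on it.
    $existingRole = Get-VIRole -Name $Lab_Role -Server $viServer -ErrorAction SilentlyContinue
    if ($existingRole) {
        Write-Warning "Role '$Lab_Role' already exists on $vCenterFQDN; reusing it. Verify its privileges match the expected list."
    }
    else {
        Write-Host "Create New $Lab_Role Role`n" -ForeGroundColor Cyan
        # Resolve all privilege IDs first; an unknown ID stops the script here
        # instead of creating a role with a partial privilege set.
        $privileges = Get-VIPrivilege -Id $Lab_Privileges -Server $viServer
        New-VIRole -Name $Lab_Role -Privilege $privileges -Server $viServer | Out-Null
    }

    Write-Host "Set Permissions for $Lab_User using the new $Lab_Role Role`n" -ForeGroundColor Cyan

    # Get the root folder of this vCenter's inventory.
    $rootFolder = Get-Folder -NoRecursion -Server $viServer

    # Create the permission. Use $Lab_Role rather than a literal so the role
    # that is created and the role that is assigned can never drift apart.
    New-VIPermission -Entity $rootFolder -Principal $Lab_User -Role $Lab_Role -Propagate:$true -Server $viServer | Out-Null
}
finally {
    # Always close the session, including when a step above failed.
    Write-Host "Disconnecting from vCenter at $vCenterFQDN`n" -ForeGroundColor Cyan
    Disconnect-VIServer -Server $viServer -Confirm:$false
}
# End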