Hi,
Sometimes you need to know which permissions, or rather privileges, a vSphere user has on an entity.
The vCenter GUI has no such feature, but it is possible with PowerCLI using the AuthorizationManager.
Get an Authorization Manager View
    PS D:\> $AuthManager = Get-View AuthorizationManager
Then you need the managed object reference of an entity:
    PS D:\> $myVM = Get-VM myWorkingVM
    PS D:\> $AuthManager.FetchUserPrivilegeOnEntities($myVM.ExtensionData.moref, "myDomain\myUser").Privileges
    ...
    System.Anonymous
    System.View
    System.Read
    Global.CancelTask
    Folder.Create
    Folder.Delete
    Folder.Rename
    Datastore.Browse
    Datastore.AllocateSpace
    Network.Assign
    VirtualMachine.Inventory.Create
    ...
Or for a folder
    PS D:\> $myvMSphereFolder = Get-Folder myVMFolder
    PS D:\> $AuthManager.FetchUserPrivilegeOnEntities($myvMSphereFolder.ExtensionData.moref, "myDomain\myUser").Privileges
    ...
    VirtualMachine.Inventory.Create
    VirtualMachine.Inventory.CreateFromExisting
    VirtualMachine.Inventory.Register
    VirtualMachine.Inventory.Delete
    VirtualMachine.Inventory.Unregister
    VirtualMachine.Inventory.Move
    VirtualMachine.Interact.PowerOn
    VirtualMachine.Interact.PowerOff
    VirtualMachine.Interact.Suspend
    VirtualMachine.Interact.Reset
    VirtualMachine.Interact.AnswerQuestion
    VirtualMachine.Interact.ConsoleInteract
    VirtualMachine.Interact.DeviceConnection
    VirtualMachine.Interact.SetCDMedia
    VirtualMachine.Interact.SetFloppyMedia
    ...
Note: This only works for users. FetchUserPrivilegeOnEntities does not accept group names.
Michael
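
Added example (not part of the original post): the two lookups above combined into one audit helper that passes several entities to FetchUserPrivilegeOnEntities in a single call and flags the privileges that appear on a watch list. It assumes an existing Connect-VIServer session; the function name Get-UserPrivilegeAudit, its parameters and the default watch list (picked from the listings above) are illustrative choices, not PowerCLI built-ins.

```powershell
# Added example: hypothetical helper, assumes PowerCLI is loaded and a vCenter session exists.
function Get-UserPrivilegeAudit {
    [CmdletBinding()]
    param(
        # Inventory objects from Get-VM, Get-Folder, ... (anything exposing ExtensionData.MoRef)
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Entity,

        # A user such as "myDomain\myUser"; the API call does not accept group names
        [Parameter(Mandatory)]
        [string]$UserName,

        # Privileges to flag in the report (constructed default, taken from the listings above)
        [string[]]$WatchList = @(
            'VirtualMachine.Inventory.Delete',
            'VirtualMachine.Inventory.Unregister',
            'VirtualMachine.Interact.PowerOff',
            'VirtualMachine.Interact.ConsoleInteract'
        )
    )
    begin {
        $authManager = Get-View AuthorizationManager
        $moRefs = New-Object 'System.Collections.Generic.List[VMware.Vim.ManagedObjectReference]'
    }
    process {
        # Collect the managed object reference of every piped-in entity
        foreach ($e in $Entity) { $moRefs.Add($e.ExtensionData.MoRef) }
    }
    end {
        if ($moRefs.Count -eq 0) { return }
        # One call for all entities; each result carries .Entity and .Privileges
        $results = $authManager.FetchUserPrivilegeOnEntities($moRefs.ToArray(), $UserName)
        foreach ($r in $results) {
            $held = @($r.Privileges | Where-Object { $WatchList -contains $_ })
            [pscustomobject]@{
                Entity         = (Get-View -Id $r.Entity -Property Name).Name
                MoRef          = "$($r.Entity.Type)-$($r.Entity.Value)"
                User           = $UserName
                PrivilegeCount = @($r.Privileges).Count
                Flagged        = $held -join ', '
            }
        }
    }
}

# Usage: audit one user across a VM and a folder in a single request
@(Get-VM myWorkingVM; Get-Folder myVMFolder) |
    Get-UserPrivilegeAudit -UserName 'myDomain\myUser' |
    Format-Table -AutoSize
```

An empty Flagged column means the user holds none of the watch-listed privileges on that entity.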