VMware vCenter: Get a result set of permissions/privileges for a user on an entity

Hi,

Sometimes you need to know which permissions, or rather privileges, a vSphere user has on an entity.

The vCenter GUI has no such feature, but it is possible with PowerCLI using the AuthorizationManager.

Get an Authorization Manager View

PS D:\> $AuthManager = Get-View AuthorizationManager

Then you need the managed object reference (MoRef) of an entity:

PS D:\> $myVM=Get-vm myWorkingVM
PS D:\> $AuthManager.FetchUserPrivilegeOnEntities($myVM.ExtensionData.moref,"myDomain\myUser").Privileges
...
System.Anonymous
System.View
System.Read
Global.CancelTask
Folder.Create
Folder.Delete
Folder.Rename
Datastore.Browse
Datastore.AllocateSpace
Network.Assign
VirtualMachine.Inventory.Create
...

Or for a folder

PS D:\> $myvMSphereFolder=Get-Folder myVMFolder
PS D:\> $AuthManager.FetchUserPrivilegeOnEntities($myvMSphereFolder.ExtensionData.moref,"myDomain\myUser").Privileges
...
VirtualMachine.Inventory.Create
VirtualMachine.Inventory.CreateFromExisting
VirtualMachine.Inventory.Register
VirtualMachine.Inventory.Delete
VirtualMachine.Inventory.Unregister
VirtualMachine.Inventory.Move
VirtualMachine.Interact.PowerOn
VirtualMachine.Interact.PowerOff
VirtualMachine.Interact.Suspend
VirtualMachine.Interact.Reset
VirtualMachine.Interact.AnswerQuestion
VirtualMachine.Interact.ConsoleInteract
VirtualMachine.Interact.DeviceConnection
VirtualMachine.Interact.SetCDMedia
VirtualMachine.Interact.SetFloppyMedia
...

Note: This only works for users. FetchUserPrivilegeOnEntities does not accept group names.

Michael
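
Added example, not part of the original post: a PowerCLI helper that makes the same FetchUserPrivilegeOnEntities call for several entities at once and flags any privileges found on a reviewer-supplied watch-list. The function name Get-UserPrivilegeReport and the watch-list contents are assumptions, and an existing Connect-VIServer session is assumed.

```powershell
# Added example. Assumes PowerCLI is loaded and Connect-VIServer has already been run.
function Get-UserPrivilegeReport {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Entity,    # inventory objects from Get-VM, Get-Folder, ...
        [Parameter(Mandatory)] [string]   $UserName,  # a user; group names are not accepted
        [string[]] $WatchList = @()                   # privileges the reviewer wants flagged
    )
    $authManager = Get-View AuthorizationManager

    # Remember each entity's name, keyed by "Type-Value" of its MoRef, for readable output.
    $names  = @{}
    $moRefs = foreach ($e in $Entity) {
        $ref = $e.ExtensionData.MoRef
        $names["$($ref.Type)-$($ref.Value)"] = $e.Name
        $ref
    }

    # One call covers all entities; each result carries an Entity MoRef and its Privileges.
    $results = $authManager.FetchUserPrivilegeOnEntities(
        [VMware.Vim.ManagedObjectReference[]]$moRefs, $UserName)

    foreach ($r in $results) {
        $key = "$($r.Entity.Type)-$($r.Entity.Value)"
        [pscustomobject]@{
            Entity     = $names[$key]
            MoRef      = $key
            User       = $UserName
            Count      = @($r.Privileges).Count
            Flagged    = @($r.Privileges | Where-Object { $_ -in $WatchList })
            Privileges = $r.Privileges
        }
    }
}

# Constructed watch-list, built from privilege names that appear in the output above.
$watch = 'VirtualMachine.Inventory.Delete',
         'VirtualMachine.Interact.ConsoleInteract',
         'Datastore.Browse'

# Same placeholder object and user names as in the post.
$targets = @(Get-VM myWorkingVM) + @(Get-Folder myVMFolder)
Get-UserPrivilegeReport -Entity $targets -UserName 'myDomain\myUser' -WatchList $watch |
    Select-Object Entity, MoRef, Count, @{ n = 'Flagged'; e = { $_.Flagged -join ', ' } } |
    Format-Table -AutoSize
```

The full privilege list stays available in the Privileges property of each returned object, so the report can be exported and compared between review dates.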
