VxRAIL Roles Script

1 minute read

In this article, I will provide an easy script to create the required roles when you use an external vCenter in VxRAIL.

N.B : This script works for VxRail 4.7.x. This can change depending on the features/requirement that VxRAIL will implement in the future.

#
# This is a script to create the required roles for VxRAIL users when an external vCenter is required.
# Made by Jonathan Gautier on the 08/04/2019
#

Write-Host "This is a PowerCLI Script to create the required roles for VxRAIL" -ForeGroundColor Cyan 
 
$vcenter = Read-Host -Prompt 'Input your vCenter server FQDN or IP Address'

#VxRail Initial Gobal Role Name
$vxrailrole1 = "VxRail Initial Global"
#VxRail DC Gobal Role Name
$vxrailrole2 = "VxRail Datacenter Global"

$initglobal = @(
'Host.Config.Network',
'Host.Config.Power',
'Host.Config.Settings',
'Host.Config.Storage',
'Host.Config.SystemManagement',
'Host.Inventory.AddHostToCluster',
'Host.Inventory.EditCluster',
'Host.Inventory.RemoveHostFromCluster',
'Network.Assign',
'Resource.ColdMigrate',
'Resource.HotMigrate',
'StorageProfile.Update',
'StorageProfile.View',
'System.Anonymous',
'System.Read',
'System.View',
'VApp.ApplicationConfig',
'VApp.ExtractOvfEnvironment',
'VApp.Import',
'VirtualMachine.Config.AddExistingDisk',
'VirtualMachine.Config.AddNewDisk',
'VirtualMachine.Config.AddRemoveDevice',
'VirtualMachine.Config.AdvancedConfig',
'VirtualMachine.Config.Annotation',
'VirtualMachine.Config.CPUCount',
'VirtualMachine.Config.ChangeTracking',
'VirtualMachine.Config.DiskExtend',
'VirtualMachine.Config.DiskLease',
'VirtualMachine.Config.EditDevice',
'VirtualMachine.Config.HostUSBDevice',
'VirtualMachine.Config.ManagedBy',
'VirtualMachine.Config.Memory',
'VirtualMachine.Config.MksControl',
'VirtualMachine.Config.QueryFTCompatibility',
'VirtualMachine.Config.QueryUnownedFiles',
'VirtualMachine.Config.RawDevice',
'VirtualMachine.Config.ReloadFromPath',
'VirtualMachine.Config.RemoveDisk',
'VirtualMachine.Config.Rename',
'VirtualMachine.Config.ResetGuestInfo',
'VirtualMachine.Config.Resource',
'VirtualMachine.Config.Settings',
'VirtualMachine.Config.SwapPlacement',
'VirtualMachine.Config.ToggleForkParent',
'VirtualMachine.Config.UpgradeVirtualHardware',
'VirtualMachine.GuestOperations.Execute',
'VirtualMachine.GuestOperations.Modify',
'VirtualMachine.GuestOperations.ModifyAliases',
'VirtualMachine.GuestOperations.Query',
'VirtualMachine.GuestOperations.QueryAliases',
'VirtualMachine.Interact.AnswerQuestion',
'VirtualMachine.Interact.ConsoleInteract',
'VirtualMachine.Interact.DeviceConnection',
'VirtualMachine.Interact.GuestControl',
'VirtualMachine.Interact.PowerOff',
'VirtualMachine.Interact.PowerOn',
'VirtualMachine.Interact.SetCDMedia',
'VirtualMachine.Inventory.Delete',
'VirtualMachine.Inventory.Unregister',
'VirtualMachine.State.CreateSnapshot',
'VirtualMachine.State.RemoveSnapshot'
)


$dcglobal = @(
'Alarm.SetStatus',
'DVPortgroup.Create',
'DVPortgroup.Modify',
'DVSwitch.Create',
'DVSwitch.HostOp',
'DVSwitch.Modify',
'DVSwitch.ResourceManagement',
'Datastore.Rename',
'Folder.Create',
'Folder.Delete',
'Global.Settings',
'Host.Config.AutoStart',
'Host.Config.NetService',
'Host.Config.Network',
'Host.Config.Storage',
'Host.Inventory.AddHostToCluster',
'Host.Inventory.CreateCluster',
'Host.Inventory.EditCluster',
'Host.Inventory.RemoveHostFromCluster',
'Network.Assign',
'System.Anonymous',
'System.Read',
'System.View',
'VirtualMachine.Config.AddNewDisk',
'VirtualMachine.Config.EditDevice',
'VirtualMachine.Config.Settings',
'VirtualMachine.Interact.PowerOff',
'VirtualMachine.Interact.PowerOn',
'VirtualMachine.Inventory.Create',
'VirtualMachine.Inventory.Delete',
'VirtualMachine.Inventory.Unregister'
)

Write-Host "Connecting to vCenter at $vCenter"`n -ForeGroundColor Cyan
Connect-VIServer $vCenter | Out-Null

Write-Host "Create New $vxrailrole1 Role"`n -ForeGroundColor Cyan
New-VIRole -Name $vxrailrole1 -Privilege (Get-VIPrivilege -id $initglobal) | Out-Null

Write-Host "Create New $vxrailrole2 Role"`n -ForeGroundColor Cyan
New-VIRole -Name $vxrailrole2 -Privilege (Get-VIPrivilege -id $dcglobal) | Out-Null

Write-Host "Disconnecting from vCenter $vcenter"`n -ForeGroundColor Cyan
Disconnect-VIServer $vCenter -Confirm:$false

The rest of the procedure to apply the roles/permissionsa are available in Solve.

Hope this helps.