Copy Permissions, Privileges & Roles from One vCenter to Multiple vCenters

When managing multiple vCenters, I needed to ensure there was consistency with all my permissions, privileges and roles. Setting these up manually can be very time-consuming. Using the method below, you only need to configure these once and then run the script to configure them automatically on multiple target vCenters.

The script below copies the specified permissions, privileges and roles from a source vCenter to multiple target vCenters.

Pre-requisite: Update the source vCenter ($sourceVC) and target vCenter(s) ($VCs) in the script.

# Script author: shanemarsh.co.uk

Import-Module -Name VMware.VimAutomation.Core

# Source vCenter
$sourceVC = "vcenter1"

# Target vCenter(s)
$VCs = @("vcenter2",
         "vcenter3",
         "vcenter4",
         "vcenter5"
         )

$creds = Get-Credential -Message 'vCenter Server Credentials'

# Name of the role that you want to copy
$role = Read-Host "Full name of Role to copy"

# Account you want to give permission to
$account = Read-Host "Full account name of who you'd like to give permission to"

foreach($targetVC in $VCs){

    # Connect to vCenters
    Connect-VIserver -Server "$sourceVC","$targetVC" -Credential $creds

    # Get Role Info (List of privs, etc)
    Get-VIrole -Name "$role" -Server "$sourceVC"  | fl *
    
    # Copy List Of Privs
    [string[]]$privsforrole1fromsourceVC=Get-VIPrivilege -Role (Get-VIRole -Name $role -server "$sourceVC") |%{$_.id}

    # Create New Blank Role on other VC(s)
    New-VIRole -Name "$role" -Server "$targetVC"

    # Copy Privs to Blank Role
    Set-VIRole -role (get-virole -Name $role -Server $targetVC) -AddPrivilege (get-viprivilege -id $privsforrole1fromsourceVC -server $targetVC)

    # Check that the role copied successfully
    (Get-VIRole -Name $role -Server $sourceVC).PrivilegeList.Count
    (Get-VIRole -Name $role -Server $targetVC).PrivilegeList.Count

    # Folder to set permission on (if no name is specified, then it uses the vCenter root)
    $folder= Get-Folder -NoRecursion -server $targetVC

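    # Setting permission on folder
    # The source vCenter is still connected at this point, so resolve the role on the target explicitly
    New-VIPermission -Role (Get-VIRole -Name $role -Server $targetVC) -Principal $account -Entity $folder -Propagate:$true -Server $targetVC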

    # Disconnect from looped vCenter(s)
    Disconnect-VIServer -server $targetVC -confirm:$false
}

# Disconnect from sourceVC
Disconnect-VIServer $sourceVC -confirm:$false


## END OF SCRIPT ##
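
The count check in the script only shows that the source and target roles hold the same number of privileges, not the same privileges. The following is an added example, not part of the original script, that compares the privilege IDs themselves on each target; the server names are placeholders, and `$report` and the Status values are names chosen for this example.

```powershell
# Added example: verify that a copied role has the same privilege IDs on every target.
# $sourceVC, $VCs and $role mirror the variables in the script above; values are placeholders.
Import-Module -Name VMware.VimAutomation.Core

$sourceVC = "vcenter1"
$VCs      = @("vcenter2", "vcenter3")
$role     = Read-Host "Full name of Role to verify"
$creds    = Get-Credential -Message 'vCenter Server Credentials'

Connect-VIServer -Server $sourceVC -Credential $creds | Out-Null
$sourcePrivs = @((Get-VIRole -Name $role -Server $sourceVC).PrivilegeList)

$report = foreach ($targetVC in $VCs) {
    Connect-VIServer -Server $targetVC -Credential $creds | Out-Null
    $targetRole = Get-VIRole -Name $role -Server $targetVC -ErrorAction SilentlyContinue

    if (-not $targetRole) {
        # Role was never created on this target (or was renamed or removed)
        $status = 'RoleMissing'; $missing = $sourcePrivs; $extra = @()
    }
    else {
        $targetPrivs = @($targetRole.PrivilegeList)
        # Privileges the source grants that the target role lacks
        $missing = @($sourcePrivs | Where-Object { $_ -notin $targetPrivs })
        # Privileges the target role grants beyond the source (privilege creep)
        $extra   = @($targetPrivs | Where-Object { $_ -notin $sourcePrivs })
        $status  = if ($missing.Count -or $extra.Count) { 'Drift' } else { 'InSync' }
    }

    [pscustomobject]@{
        vCenter         = $targetVC
        Status          = $status
        MissingOnTarget = $missing -join ', '
        ExtraOnTarget   = $extra -join ', '
    }

    Disconnect-VIServer -Server $targetVC -Confirm:$false
}

Disconnect-VIServer -Server $sourceVC -Confirm:$false
$report | Format-List
```

Any row whose Status is not InSync means the role on that target grants a different set of privileges than the source.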


If you have any questions or would like any assistance with this script, leave a comment below and I’ll get back to you ASAP.
