
Roles in vCenter

Role assignment, at least in my use case, is very important in an enterprise product such as vCenter. Roles can be combined with an Active Directory group and applied to vSphere objects such as network and VM folders, so that a given student can only reach the networks and virtual machines they have been granted access to. Where multiple students need access, such as for a group project, we can use AD groups to facilitate that, or someone can manually add one student to another student's VM and network folders. This is sometimes faster.

vCenter does not have an effective way within the GUI to export and import roles, so the following PowerCLI will need to suffice.

Role Export

# Connect to vCenter and write the role's privilege IDs to "<role name>.txt"
$vserver = "fqdn of your vcenter server"
Connect-VIServer -Server $vserver
$role = "name of the role"
Get-VIRole -Name $role | Get-VIPrivilege | Select-Object -ExpandProperty Id | Out-File "$role.txt"

Role Import

# Assumption is that you are connected and have exported
$role = "name of the role"
# Read the exported privilege IDs, one per line
$privs = @()
Get-Content "$role.txt" | ForEach-Object { $privs += $_ }
# Create the role, then attach the exported privileges to it
New-VIRole -Name $role
Set-VIRole -Role $role -AddPrivilege (Get-VIPrivilege -Id $privs)

Here's a run using the range-user role:

[Screenshot: image-20221215071836508]

[Screenshot: image-20221215074557084]
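One way to confirm that an imported role carries exactly the privileges in the export file, and to spot later drift, shown as an added example that is not from the original page. `Compare-PrivilegeSet` and `Test-VIRoleAgainstExport` are hypothetical names, the sample privilege lists are constructed, and the second function assumes an existing `Connect-VIServer` session and the `"$role.txt"` file produced by the export above.

```powershell
# Added example (not from the original page); function names are hypothetical.

# Pure set comparison, so it can be exercised without a vCenter connection.
function Compare-PrivilegeSet {
    param([string[]]$Expected, [string[]]$Actual)
    # Normalise a list of IDs: drop blank lines, trim whitespace, de-duplicate.
    $clean = {
        param($ids)
        @($ids) | Where-Object { -not [string]::IsNullOrWhiteSpace($_) } |
            ForEach-Object { $_.Trim() } | Sort-Object -Unique
    }
    $exp = @(& $clean $Expected)
    $act = @(& $clean $Actual)
    [pscustomobject]@{
        # In the export file but not on the role: the import was incomplete.
        Missing = @($exp | Where-Object { $_ -notin $act })
        # On the role but not in the export file: the role has grown since export.
        Extra   = @($act | Where-Object { $_ -notin $exp })
    }
}

# Live check against vCenter (assumes Connect-VIServer has already been run).
function Test-VIRoleAgainstExport {
    param([string]$Role, [string]$Path = "$Role.txt")
    $live = Get-VIRole -Name $Role | Get-VIPrivilege | Select-Object -ExpandProperty Id
    Compare-PrivilegeSet -Expected (Get-Content $Path) -Actual $live
}

# Offline demonstration with constructed privilege lists.
$exported = @(
    'System.Anonymous', 'System.Read', 'System.View',
    'VirtualMachine.Interact.PowerOn', 'VirtualMachine.Interact.PowerOff', ''
)
$onRole = @(
    'System.Anonymous', 'System.Read', 'System.View',
    'VirtualMachine.Interact.PowerOn', 'Datastore.AllocateSpace'
)
$diff = Compare-PrivilegeSet -Expected $exported -Actual $onRole
"Missing from role: $($diff.Missing -join ', ')"
"Extra on role:     $($diff.Extra -join ', ')"
```

Against a live server, `Test-VIRoleAgainstExport -Role $role` returns the same object; empty `Missing` and `Extra` lists mean the role matches the export.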