Creating vCenter Role/Permissions with PowerCLI

Hey all – been too long! Busy as usual, but wanted to make a quick post. I have been testing NSX-T extensively and have built several nested labs in order to do so. However, I like to build out the solution as I would in a production environment which means creating an Active Directory authenticated service account for NSX-T functions. Since I have been rolling this lab around a lot I figured I’d create the role for the user via PowerCLI rather than churn through the UI for the privileges.

The required privileges per the NSX-T 2.4 Installation Guide are:

Extension.Register extension
Extension.Unregister extension
Extension.Update extension
Sessions.Message
Sessions.Validate session
Sessions.View and stop sessions
Host.Configuration.Maintenance
Host.Local Operations.Create virtual machine
Host.Local Operations.Delete virtual machine
Host.Local Operations.Reconfigure virtual machine
Tasks
Scheduled task
Global.Cancel task
Permissions.Reassign role permissions
Resource.Assign vApp to resource pool
Resource.Assign virtual machine to resource pool
Virtual Machine.Configuration
Virtual Machine.Guest Operations
Virtual Machine.Provisioning
Virtual Machine.Inventory
Network.Assign network
vApp

This makes things simple for PowerCLI however these are not the actual IDs of the privileges needed. I’ve done the legwork and grabbed the actual IDs and created a dirty one-liner:

New-VIRole -Name "NSX-T Test Role 2" -Privilege (Get-VIPrivilege -Id Extension.Register,Extension.Unregister,Extension.Update,Sessions.GlobalMessage,Sessions.ValidateSession,Sessions.TerminateSessioniew,Host.Config.Maintenance,Host.Local.CreateVM,Host.Local.DeleteVM,Host.Local.ReconfigVM,Task,Task.Create,Task.Update,ScheduledTask,ScheduledTask.Create,ScheduledTask.Delete,ScheduledTask.Edit,ScheduledTask.Run,Global.CancelTask,Authorization.ReassignRolePermissions,Resource.AssignVAppToPool,Resource.AssignVMToPool,VirtualMachine.Config,VirtualMachine.GuestOperations,VirtualMachine.Provisioning,VirtualMachine.Inventory,Network.Assign,vApp)

Author: Jon

Share This Post On

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.