PowerCLI script to create role and permissions needed for VMware Aria Operations Manager

Brandon Lee

If you look at the Broadcom KB article that defines the permissions needed for the vROps user that you use to connect your vROps environment with vCenter Server, there are quite a few permissions needed.

You can find the Broadcom KB here: Privileges Required for Configuring a vCenter Adapter Instance.

Creating a custom role with these permissions by hand can be cumbersome. Below is a script to create the role with the permissions needed for VMware Aria Operations.

Hopefully, this will allow you to shortcut the process of creating permissions manually:

# Variables
$vcenterServer = "vcenter.yourdomain.com" # Replace with your vCenter server
$roleName = "vROps Role" # Replace with the desired role name

# Privilege IDs (from the Broadcom KB for the vCenter adapter instance)
$permissions = @(
    "Global.Diagnostics",
    "Global.Licenses",
    "Global.Settings",
    "Host.Config.Network",
    "Host.Config.Storage",
    "Host.Inventory.AddHostToCluster",
    "Host.Inventory.AddStandaloneHost",
    "Host.Inventory.CreateCluster",
    "Host.Inventory.DeleteHost",
    "Host.Inventory.EditCluster",
    "Network.Assign",
    "Resource.AssignVMToPool",
    "Resource.HotMigrate",
    "Resource.ModifyQuota",
    "Resource.Move",
    "Resource.Rename",
    "System.Anonymous",
    "System.Read",
    "System.View",
    "System.Write",
    "Task.Create",
    "Task.Update",
    "VirtualMachine.Interact.PowerOff",
    "VirtualMachine.Interact.PowerOn",
    "VirtualMachine.Inventory.Create",
    "VirtualMachine.Inventory.CreateFromExisting",
    "VirtualMachine.Inventory.Delete",
    "VirtualMachine.Inventory.Register",
    "VirtualMachine.Inventory.Unregister",
    "VirtualMachine.Provisioning.Clone",
    "VirtualMachine.Provisioning.CloneTemplate",
    "VirtualMachine.Provisioning.Customize",
    "VirtualMachine.State.Reset",
    "VirtualMachine.State.Suspend"
)

# Connect to vCenter (prompts for credentials if none are cached); stop on failure
Connect-VIServer -Server $vcenterServer -ErrorAction Stop

# Resolve the privilege IDs on this vCenter and stop if any ID is unknown,
# so a typo or a renamed privilege does not silently produce a role that is
# missing privileges the adapter needs
$privileges = Get-VIPrivilege | Where-Object { $_.Id -in $permissions }
$missing = $permissions | Where-Object { $_ -notin $privileges.Id }
if ($missing) {
    throw "Privilege ID(s) not found on $vcenterServer : $($missing -join ', ')"
}

# Check if the role already exists
$role = Get-VIRole | Where-Object { $_.Name -eq $roleName }
if (-not $role) {
    # Create the role with the resolved privileges
    Write-Host "Creating role: $roleName"
    $role = New-VIRole -Name $roleName -Privilege $privileges
} else {
    Write-Host "Role $roleName already exists"
}

Write-Host "Script execution completed! The role '$roleName' has been created or verified. Assign the role manually to the desired user."

Disconnect-VIServer -Server $vcenterServer -Confirm:$false

Once you have created the role and named it what you want, you can assign this role to your user in vCenter Server permissions.
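As an added example that is not part of the original post, the assignment step above can also be done in PowerCLI, followed by a drift check that the role on vCenter still carries exactly the privilege set the KB lists (extra privileges added by hand, or privileges removed, are what you want to catch on a service account). The vCenter hostname, the service account name and the role name are placeholders.

```powershell
# Added example (not from the original post): grant the vROps role to the
# adapter's service account at the vCenter root and audit the role's privileges.
# Hostname, principal and role name below are placeholders.
$vcenterServer = "vcenter.yourdomain.com"
$roleName      = "vROps Role"            # Role created by the script above
$principal     = "YOURDOMAIN\svc-vrops"  # Dedicated service account for the vCenter adapter

Connect-VIServer -Server $vcenterServer -ErrorAction Stop

# The adapter needs to see the whole inventory, so the permission goes on the
# root folder with propagation, not on individual datacenters or clusters.
$rootFolder = Get-Folder -NoRecursion
$role       = Get-VIRole -Name $roleName -ErrorAction Stop

$existing = Get-VIPermission -Entity $rootFolder -Principal $principal -ErrorAction SilentlyContinue
if (-not $existing) {
    New-VIPermission -Entity $rootFolder -Principal $principal -Role $role -Propagate:$true | Out-Null
    Write-Host "Granted '$roleName' to $principal at '$($rootFolder.Name)' (propagating)"
} else {
    Write-Host "$principal already holds role '$($existing.Role)' at '$($rootFolder.Name)'"
}

# Drift check: the role's privilege list should match the KB list exactly.
# '=>' is a privilege present on vCenter but not in the KB list (added by hand);
# '<=' is a KB privilege that is missing from the role.
$expected = @(
    "Global.Diagnostics", "Global.Licenses", "Global.Settings",
    "Host.Config.Network", "Host.Config.Storage",
    "Host.Inventory.AddHostToCluster", "Host.Inventory.AddStandaloneHost",
    "Host.Inventory.CreateCluster", "Host.Inventory.DeleteHost", "Host.Inventory.EditCluster",
    "Network.Assign",
    "Resource.AssignVMToPool", "Resource.HotMigrate", "Resource.ModifyQuota",
    "Resource.Move", "Resource.Rename",
    "System.Anonymous", "System.Read", "System.View", "System.Write",
    "Task.Create", "Task.Update",
    "VirtualMachine.Interact.PowerOff", "VirtualMachine.Interact.PowerOn",
    "VirtualMachine.Inventory.Create", "VirtualMachine.Inventory.CreateFromExisting",
    "VirtualMachine.Inventory.Delete", "VirtualMachine.Inventory.Register",
    "VirtualMachine.Inventory.Unregister",
    "VirtualMachine.Provisioning.Clone", "VirtualMachine.Provisioning.CloneTemplate",
    "VirtualMachine.Provisioning.Customize",
    "VirtualMachine.State.Reset", "VirtualMachine.State.Suspend"
)

$drift = Compare-Object -ReferenceObject $expected -DifferenceObject $role.PrivilegeList
if ($drift) {
    Write-Warning "Role '$roleName' does not match the KB privilege list:"
    $drift | ForEach-Object { Write-Warning "  $($_.SideIndicator) $($_.InputObject)" }
} else {
    Write-Host "Role '$roleName' matches the KB privilege list ($($expected.Count) privileges)"
}

Disconnect-VIServer -Server $vcenterServer -Confirm:$false
```

Run it under an account that can manage permissions on the root folder. The drift check is worth scheduling: a role that grows over time is how a monitoring service account quietly ends up with more than read-and-task access.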