Get-VIAllPrivileges

This is a good script to easily report on privileges and can easily be extended to audit against a known good list of expected roles/priveleges.

1
2
3
4
5
6
7
8
9
10
11
12
#Must already be connected to a viserver. This works on the default vi server.
$si = Get-View ServiceInstance
$am = Get-View ($si.Content.AuthorizationManager)
 
foreach ($role in $am.RoleList)
{
    foreach ($privilege in $role.Privilege)
    {
        $role| Select-Object RoleId, System, Name,
                             @{Name="Privilege"; Expression={$privilege}}
    }
}

Leave a Comment

Your email address will not be published.