During one of the activities we performed in our organization to rebuild Virtual Center, we faced an issue where a few of the admins were reporting access problems. This was because when we rebuilt Virtual Center, the existing Roles and Permissions were not added to it. Hence I planned to export roles from one vCenter to this newly rebuilt vCenter. However, creating roles manually and adding them to permissions takes longer if we have a large number of users listed in the ACL. Hence I automated the task with the script below to reduce manual effort. It worked perfectly and saved a few hours.
# Variables
$VC1 = "vCenter1"
$VC2 = "vCenter2"
# Set the PowerCLI configuration to connect to multiple vCenters
Set-PowerCLIConfiguration -DefaultVIServerMode Multiple -Confirm:$false
# Connect to both the source and destination vCenters
Connect-VIServer -Server $VC1, $VC2
# Get roles to transfer (skip built-in system roles, which already exist on the destination)
$roles = Get-VIRole -Server $VC1 | Where-Object { -not $_.IsSystem }
foreach ($role in $roles) {
    # Get the privilege IDs of the role on VC1
    [string[]]$privsforRoleAfromVC1 = Get-VIPrivilege -Role $role | ForEach-Object { $_.Id }
    # Create new role in VC2 (pass the role name, not the role object)
    New-VIRole -Name $role.Name -Server $VC2
    # Add privileges to the new role
    Set-VIRole -Role (Get-VIRole -Name $role.Name -Server $VC2) -AddPrivilege (Get-VIPrivilege -Id $privsforRoleAfromVC1 -Server $VC2)
}
# Disconnect from both vCenters without prompting
Disconnect-VIServer -Server $VC1, $VC2 -Confirm:$false
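
After the copy, it is worth confirming that each role on the destination carries exactly the privileges it had on the source, since a missing privilege reproduces the access issue and an extra one widens access. The check below is an added example, not part of the original script; the function name Compare-RolePrivilege and the sample roles are hypothetical, and it assumes role objects expose Name and PrivilegeList, as the objects returned by Get-VIRole do.

```powershell
# Added example: compare role privilege sets between a source and a destination.
# Inputs are objects with Name and PrivilegeList (assumed shape of Get-VIRole output).
function Compare-RolePrivilege {
    param(
        [Parameter(Mandatory)] [object[]] $Source,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Destination
    )
    # Index destination roles by name for fast lookup
    $destByName = @{}
    foreach ($d in $Destination) { $destByName[$d.Name] = $d }

    foreach ($s in $Source) {
        $d = $destByName[$s.Name]
        if ($null -eq $d) {
            # Role was never created on the destination
            [pscustomobject]@{ Role = $s.Name; Status = 'MissingRole'
                               Missing = @($s.PrivilegeList); Extra = @() }
            continue
        }
        # Privileges present on one side only
        $missing = @($s.PrivilegeList | Where-Object { $_ -notin $d.PrivilegeList })
        $extra   = @($d.PrivilegeList | Where-Object { $_ -notin $s.PrivilegeList })
        $status  = if ($missing.Count -or $extra.Count) { 'Drift' } else { 'Match' }
        [pscustomobject]@{ Role = $s.Name; Status = $status
                           Missing = $missing; Extra = $extra }
    }
}

# Constructed sample data standing in for Get-VIRole output (role names are made up)
$src = @(
    [pscustomobject]@{ Name = 'VM-Operator'; PrivilegeList = 'System.View',
        'VirtualMachine.Interact.PowerOn', 'VirtualMachine.Interact.PowerOff' }
    [pscustomobject]@{ Name = 'DS-Browser'; PrivilegeList = 'System.View', 'Datastore.Browse' }
    [pscustomobject]@{ Name = 'Net-Admin'; PrivilegeList = 'System.View', 'Network.Assign' }
)
$dst = @(
    [pscustomobject]@{ Name = 'VM-Operator'; PrivilegeList = 'System.View',
        'VirtualMachine.Interact.PowerOn' }
    [pscustomobject]@{ Name = 'DS-Browser'; PrivilegeList = 'System.View', 'Datastore.Browse' }
)
Compare-RolePrivilege -Source $src -Destination $dst | Format-Table -AutoSize

# Against live vCenters (run before Disconnect-VIServer, using the script's $VC1/$VC2):
# Compare-RolePrivilege -Source (Get-VIRole -Server $VC1 | Where-Object { -not $_.IsSystem }) `
#                       -Destination (Get-VIRole -Server $VC2)
```

Any row whose Status is not Match should be resolved before admins are pointed at the rebuilt vCenter.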