Thank you for the quick reply LucD. Here are the scripts I am using:
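###Export###
# Exports the non-system vCenter roles and all permissions to an XML file.
# Get-View is called against the current PowerCLI connection.
#
# NOTE(security): the output file lists which principal holds which role on
# which entity, and the matching import script applies whatever the file
# contains. Keep the output directory writable only by the administrators
# who run the export/import.
$outputdir = "C:\Support\Roles\"

# Root of the XML document; the helper functions below all operate on it.
$global:vInventory = [xml]"<Inventory><Roles/><Permissions/></Inventory>"

# Functions

# Creates a new element called $nodeName, appends it to $node and emits it.
function New-XmlNode{
  param($node, $nodeName)

  $tmp = $global:vInventory.CreateElement($nodeName)
  $node.AppendChild($tmp)
}

# Sets attribute $name to $value on the element $node.
function Set-XmlAttribute{
  param($node, $name, $value)

  $node.SetAttribute($name, $value)
}

# Emits the nodes of the global document that match the XPath in $path.
function Get-XmlNode{
  param ($path)

  $global:vInventory.SelectNodes($path)
}

# Emits one object per role known to the AuthorizationManager, with the
# properties Name, Label, Summary, RoleId, System and Privilege.
function Get-Roles{
  $authMgr = Get-View AuthorizationManager
  foreach($role in $authMgr.roleList){
    $ret = New-Object PSObject
    $ret | Add-Member -Type noteproperty -Name "Name" -Value $role.name
    $ret | Add-Member -Type noteproperty -Name "Label" -Value $role.info.label
    $ret | Add-Member -Type noteproperty -Name "Summary" -Value $role.info.summary
    $ret | Add-Member -Type noteproperty -Name "RoleId" -Value $role.roleId
    $ret | Add-Member -Type noteproperty -Name "System" -Value $role.system
    $ret | Add-Member -Type noteproperty -Name "Privilege" -Value $role.privilege
    $ret
  }
}

# Emits one object per permission returned by RetrieveAllPermissions(), with
# the properties Entity, EntityType, Group, Principal, Propagate and Role.
# Entities are recorded by name and type only, not by inventory path.
function Get-Permissions
{
  $authMgr = Get-View AuthorizationManager

  # RoleId -> role name, so the export carries names instead of numeric ids.
  $roleHash = @{}
  $authMgr.RoleList | %{ $roleHash[$_.RoleId] = $_.Name }

  foreach($perm in $authMgr.RetrieveAllPermissions()){
    $entity = Get-View $perm.Entity
    $ret = New-Object PSObject
    $ret | Add-Member -Type noteproperty -Name "Entity" -Value $entity.Name
    $ret | Add-Member -Type noteproperty -Name "EntityType" -Value $entity.gettype().Name
    $ret | Add-Member -Type noteproperty -Name "Group" -Value $perm.Group
    $ret | Add-Member -Type noteproperty -Name "Principal" -Value $perm.Principal
    $ret | Add-Member -Type noteproperty -Name "Propagate" -Value $perm.Propagate
    $ret | Add-Member -Type noteproperty -Name "Role" -Value $roleHash[$perm.RoleId]
    $ret
  }
}

# Main

# Roles (roles flagged as System are not exported)
$XMLRoles = Get-XmlNode "Inventory/Roles"
Get-Roles | where {-not $_.System} | % {
  $XMLRole = New-XmlNode $XMLRoles "Role"
  Set-XmlAttribute $XMLRole "Name" $_.Name
  Set-XmlAttribute $XMLRole "Label" $_.Label
  Set-XmlAttribute $XMLRole "Summary" $_.Summary
  # A role without privileges would otherwise pipe a single $null and
  # produce a <Privilege Name=""/> element.
  $_.Privilege | where {$_} | % {
    $XMLPrivilege = New-XmlNode $XMLRole "Privilege"
    Set-XmlAttribute $XMLPrivilege "Name" $_
  }
}

# Permissions
$XMLPermissions = Get-XmlNode "Inventory/Permissions"
Get-Permissions | % {
  $XMLPerm = New-XmlNode $XMLPermissions "Permission"
  Set-XmlAttribute $XMLPerm "Entity" $_.Entity
  Set-XmlAttribute $XMLPerm "EntityType" $_.EntityType
  Set-XmlAttribute $XMLPerm "Group" $_.Group
  Set-XmlAttribute $XMLPerm "Principal" $_.Principal
  Set-XmlAttribute $XMLPerm "Propagate" $_.Propagate
  Set-XmlAttribute $XMLPerm "Role" $_.Role
}

# Create XML file; Save() fails when the target directory does not exist.
if(-not (Test-Path $outputdir)){
  New-Item -ItemType Directory -Path $outputdir | Out-Null
}
$global:vInventory.Save((Join-Path $outputdir "vcenter.xml"))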
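###Import###
# Recreates missing roles and re-applies the permissions described in the
# XML file written by the export script. Get-View and the AuthorizationManager
# calls run against the current PowerCLI connection.
#
# NOTE(security): every role and permission in the file is applied as-is, so
# the file is effectively an authorization change request. Review it, and
# confirm it has not been modified since export, before running the import.

# Functions

# Creates a role called $name with the privilege ids in $privIds and emits
# the new role id. Uses the script-scope $authMgr set in the main section.
function New-Role
{
  param($name, $privIds)

  $authMgr.AddAuthorizationRole($name,$privIds)
}

# Applies a single permission to one managed entity. Uses the script-scope
# $authMgr set in the main section; the call's return value is discarded.
function Set-Permission
{
  param(
    [VMware.Vim.ManagedEntity]$object,
    [VMware.Vim.Permission]$permission
  )

  $authMgr.SetEntityPermissions($object.MoRef,@($permission)) | Out-Null
}

# Main

# Create hash table with the current roles (role name -> role id)
$authMgr = Get-View AuthorizationManager
$roleHash = @{}
$authMgr.RoleList | % { $roleHash[$_.Name] = $_.RoleId }

# Read XML file
$XMLfile = "C:\Support\Roles\vcenter.xml"
$vInventory = [xml]"<dummy/>"
$vInventory.Load($XMLfile)

# Define Xpaths for the roles and the permissions
$XpathRoles = "Inventory/Roles/Role"
$XpathPermissions = "Inventory/Permissions/Permission"

# Create custom roles.
# A role whose name already exists on the target is reused as it is; its
# privileges are NOT compared with the ones in the file, so a permission can
# end up bound to a role with a different privilege set than the one exported.
$vInventory.SelectNodes($XpathRoles) | % {
  if(-not $roleHash.ContainsKey($_.Name)){
    # Drop empty entries so a role without privileges yields an empty array
    # instead of an array holding $null or "".
    $privArray = @($_.Privilege | where {$_ -and $_.Name} | % { $_.Name })
    $roleHash[$_.Name] = (New-Role $_.Name $privArray)
  }
}

# Set permissions
$vInventory.SelectNodes($XpathPermissions) | % {
  $xmlPerm = $_

  # Without this check an unknown role name would leave roleId unset and the
  # permission would be submitted with whatever default id that yields.
  $roleName = $xmlPerm.Role
  if(-not $roleName -or -not $roleHash.ContainsKey($roleName)){
    Write-Warning ("Skipping permission for '{0}' on '{1}': role '{2}' not found" -f $xmlPerm.Principal, $xmlPerm.Entity, $roleName)
    return
  }
  if(-not $xmlPerm.Entity){
    Write-Warning ("Skipping permission for '{0}': no entity name in the file" -f $xmlPerm.Principal)
    return
  }

  $perm = New-Object VMware.Vim.Permission
  $perm.group = ($xmlPerm.Group -eq "true")
  $perm.principal = $xmlPerm.Principal
  $perm.propagate = ($xmlPerm.Propagate -eq "true")
  $perm.roleId = $roleHash[$roleName]

  # The filter value is a regular expression. Escape the whole name, not only
  # brackets: a "." or "+" left unescaped makes the pattern match entities
  # other than the exported one.
  $namePattern = "^" + [regex]::Escape($xmlPerm.Entity) + "$"
  $entity = @(Get-View -ViewType $xmlPerm.EntityType -Filter @{"Name"=$namePattern})

  # The export records name and type only, so several entities can match
  # (same name in different folders or datacenters). Granting access to a
  # guessed object is worse than skipping it: warn and leave it for manual
  # review.
  if($entity.Count -ne 1){
    Write-Warning ("Skipping permission for '{0}' on {1} '{2}': {3} matching entities found" -f $xmlPerm.Principal, $xmlPerm.EntityType, $xmlPerm.Entity, $entity.Count)
    return
  }

  Set-Permission $entity[0] $perm
}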