Dell.AVS.Management.psm1
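function New-PPDM-User-Role {
    <#
    .DESCRIPTION
        This function allows customer to create PPDM user role
    .NOTES
        Creates the vCenter role "ppdm_user_role" from a fixed privilege list.
        The list includes guest-operation, cryptographer, datastore and host
        configuration privileges, so the role is meant for a dedicated PPDM
        service account rather than for interactive users.
    #>
    [CmdletBinding()]
    [AVSAttribute(10, UpdatesSDDC = $false)]
    # An (empty) param block is required: function-level attributes only attach
    # through it. Without it the two attributes above are not function metadata.
    Param()

    $RoleName = "ppdm_user_role"

    # Privilege IDs granted to the role. Keep this list reviewed and minimal;
    # every entry is inherited wherever the role is assigned.
    $PPDM_Privileges = @(
        "System.Anonymous",
        "System.View",
        "System.Read",
        "Alarm.Create",
        "Alarm.Edit",
        "Cryptographer.Access",
        "Datastore.Rename",
        "Datastore.Move",
        "Datastore.Delete",
        "Datastore.Browse",
        "Datastore.DeleteFile",
        "Datastore.FileManagement",
        "Datastore.AllocateSpace",
        "Datastore.Config",
        "Extension.Register",
        "Extension.Unregister",
        "Extension.Update",
        "Folder.Create",
        "Global.ManageCustomFields",
        "Global.SetCustomField",
        "Global.LogEvent",
        "Global.CancelTask",
        "Global.Licenses",
        "Global.Settings",
        "Global.DisableMethods",
        "Global.EnableMethods",
        "Host.Config.Storage",
        "InventoryService.Tagging.ObjectAttachable",
        "InventoryService.Tagging.AttachTag",
        "InventoryService.Tagging.CreateTag",
        "InventoryService.Tagging.CreateCategory",
        "Network.Config",
        "Network.Assign",
        "Resource.AssignVMToPool",
        "Resource.HotMigrate",
        "Resource.ColdMigrate",
        "Sessions.ValidateSession",
        "StorageProfile.Update",
        "StorageProfile.View",
        "Task.Create",
        "Task.Update",
        "VApp.ApplicationConfig",
        "VApp.Export",
        "VApp.Import",
        "VirtualMachine.Config.Rename",
        "VirtualMachine.Config.Annotation",
        "VirtualMachine.Config.AddExistingDisk",
        "VirtualMachine.Config.AddNewDisk",
        "VirtualMachine.Config.RemoveDisk",
        "VirtualMachine.Config.RawDevice",
        "VirtualMachine.Config.HostUSBDevice",
        "VirtualMachine.Config.CPUCount",
        "VirtualMachine.Config.Memory",
        "VirtualMachine.Config.AddRemoveDevice",
        "VirtualMachine.Config.EditDevice",
        "VirtualMachine.Config.Settings",
        "VirtualMachine.Config.Resource",
        "VirtualMachine.Config.UpgradeVirtualHardware",
        "VirtualMachine.Config.ResetGuestInfo",
        "VirtualMachine.Config.AdvancedConfig",
        "VirtualMachine.Config.DiskLease",
        "VirtualMachine.Config.SwapPlacement",
        "VirtualMachine.Config.DiskExtend",
        "VirtualMachine.Config.ChangeTracking",
        "VirtualMachine.Config.ReloadFromPath",
        "VirtualMachine.Config.ManagedBy",
        "VirtualMachine.GuestOperations.Query",
        "VirtualMachine.GuestOperations.Modify",
        "VirtualMachine.GuestOperations.Execute",
        "VirtualMachine.Interact.PowerOn",
        "VirtualMachine.Interact.PowerOff",
        "VirtualMachine.Interact.Reset",
        "VirtualMachine.Interact.ConsoleInteract",
        "VirtualMachine.Interact.DeviceConnection",
        "VirtualMachine.Interact.SetCDMedia",
        "VirtualMachine.Interact.ToolsInstall",
        "VirtualMachine.Interact.GuestControl",
        "VirtualMachine.Inventory.Create",
        "VirtualMachine.Inventory.Register",
        "VirtualMachine.Inventory.Delete",
        "VirtualMachine.Inventory.Unregister",
        "VirtualMachine.Provisioning.MarkAsTemplate",
        "VirtualMachine.Provisioning.DiskRandomAccess",
        "VirtualMachine.Provisioning.DiskRandomRead",
        "VirtualMachine.Provisioning.GetVmFiles",
        "VirtualMachine.State.CreateSnapshot",
        "VirtualMachine.State.RevertToSnapshot",
        "VirtualMachine.State.RemoveSnapshot",
        "Host.Config.Patch",
        "Host.Config.Image",
        "vSphereDataProtection.Protection",
        "Host.Config.NetService",
        "vSphereDataProtection.Recovery"
    )

    Write-Host "Creating new role $RoleName with predefined privileges"

    # NOTE(review): the privilege lookup keeps the default error action, so an ID
    # unknown to this vCenter is presumably reported while the remaining IDs are
    # still used - confirm that partial roles are acceptable.
    $privileges = Get-VIPrivilege -Id $PPDM_Privileges

    # Stop on failure (for example, the role already exists) so the success
    # message below is never printed for a role that was not created.
    $null = New-VIRole -Privilege $privileges -Name $RoleName -ErrorAction Stop

    Write-Host "Created new role $RoleName with predefined privileges"
}

function Set-PPDMUserPermission {
    <#
    .DESCRIPTION
        This function allows customer to assign a PPDM user role to a User.
    .PARAMETER UserName
        The principal that receives "ppdm_user_role". Any spelling of the
        cloudadmin account (plain, DOMAIN\name or name@domain) is refused.
    .NOTES
        The permission is created on the root folder with propagation enabled,
        so the role's privileges apply to the whole inventory below it.
    #>
    [CmdletBinding()]
    [AVSAttribute(10, UpdatesSDDC = $false)]
    Param (
        [Parameter(Mandatory = $true, HelpMessage = "The name of the custom User.")]
        [string] $UserName
    )

    $RoleName = "ppdm_user_role"

    # Principals can be written as "name", "DOMAIN\name" or "name@domain".
    # Compare only the account part, otherwise a qualified spelling of
    # cloudadmin slips past an exact match on the bare name. This fails closed:
    # an account called cloudadmin in any other domain is refused as well.
    $accountName = ($UserName.Trim() -split '\\')[-1]
    $accountName = ($accountName -split '@')[0]
    if ($accountName -eq "cloudadmin") {
        Write-Error "Cannot update CloudAdmin privileges"
        return
    }

    Write-Host "Setting role $RoleName to $UserName"

    # Each step stops on failure so a missing role or a rejected principal is
    # surfaced instead of being followed by the success message.
    $role = Get-VIRole -Name $RoleName -ErrorAction Stop
    $rootFolder = Get-Folder -NoRecursion -ErrorAction Stop
    $null = New-VIPermission -Entity $rootFolder -Principal $UserName -Role $role -Propagate:$true -ErrorAction Stop

    Write-Host "Set role $RoleName to $UserName"
}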