Script to Export & Import Global Permissions in a vCenter

 
Author:
Laraib Kazi

vCenter does not have an in-built mechanism to export and import Global Permissions.
In this post, I will describe a script that I have written - globalPermissionManager.py - that performs these export/import operations for Global Permissions.

What is globalPermissionManager.py?

The script is available on my GitHub here.

The script is used to export ALL Global Permissions from a vCenter Server Appliance to an object file, and then re-import them as needed. The primary use case that I use it for is Cross Domain Repoints to a new SSO.

William Lam has a PowerCLI script that contains two functions, New-GlobalPermission and Remove-GlobalPermission, if we need to interact with global permissions using PowerCLI: https://williamlam.com/2017/03/automating-vsphere-global-permissions-with-powercli.html

However, in my experience, having a Python script that just handles everything for you and requires no input for individual users or groups is a lot more convenient. The script uses the same underlying API as the PowerCLI script created by William Lam.

What does globalPermissionManager.py do?

The script has two operating workflows - Export and Import.

For the export operation, any and all Global Permissions defined in a vCenter are exported to a .obj file. Since this exported file is in a custom data structure, it cannot be viewed in plain text.

For the import operation, the script requires as input the location of the obj file exported using the export flag. The import operation uses the information available in the obj file to re-add all permissions. If a particular user or group already exists, then additional permissions are added as per the obj file, but no permissions are removed. So it's not an "overwrite" operation; it's more of an append.
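
The append behaviour described above means that permissions present only on the target vCenter survive an import, so they are worth reviewing separately. The following is an added example, not code from globalPermissionManager.py: it models the import as a merge and reports what would be added and what is left untouched. The {principal: set of roles} layout, the function name and the sample principals are assumptions made for illustration; the real .obj structure is not shown in this post.

```python
# Added illustration: models the append-only import described above.
# The mapping {principal: set(role names)} is an assumed, simplified layout;
# the real .obj structure used by globalPermissionManager.py is not shown here.

def plan_append_import(exported, target):
    """Return (merged, added, untouched) for an append-style import.

    merged    -- permissions on the target after the import
    added     -- roles the import would newly grant, per principal
    untouched -- roles present only on the target; append never removes them
    """
    merged, added, untouched = {}, {}, {}
    for principal in sorted(set(exported) | set(target)):
        exp_roles = set(exported.get(principal, ()))
        tgt_roles = set(target.get(principal, ()))
        # Append semantics: the result is the union, never a replacement.
        merged[principal] = exp_roles | tgt_roles
        if exp_roles - tgt_roles:
            added[principal] = exp_roles - tgt_roles
        if tgt_roles - exp_roles:
            untouched[principal] = tgt_roles - exp_roles
    return merged, added, untouched


# Constructed sample data (not taken from a real vCenter).
EXPORTED = {
    "VSPHERE.LOCAL\\Administrators": {"Admin"},
    "KAZILABS\\vc-operators": {"ReadOnly", "VirtualMachineUser"},
}
TARGET = {
    "VSPHERE.LOCAL\\Administrators": {"Admin"},
    "KAZILABS\\vc-operators": {"ReadOnly"},
    "KAZILABS\\old-contractor": {"Admin"},
}

if __name__ == "__main__":
    merged, added, untouched = plan_append_import(EXPORTED, TARGET)
    for principal, roles in added.items():
        print("would add :", principal, sorted(roles))
    for principal, roles in untouched.items():
        print("left as-is:", principal, sorted(roles))
```

In this constructed data the stale "old-contractor" entry on the target keeps its role after the import, which is the case an overwrite would have cleaned up and an append does not.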

How and Where to Run globalPermissionManager.py?

The script will need to be copied over to any vCenter that we want to run the export/import operations on, and run via SSH.

On the VC, we can run the script using the command:

# Export Operation
python globalPermissionManager.py -f <vCenter FQDN> -e

# Example:
python globalPermissionManager.py -f vcsa.kazilabs.com -e

# Import Operation
python globalPermissionManager.py -f <vCenter FQDN> -i <path to exported obj file>

# Example:
python globalPermissionManager.py -f vcsa.kazilabs.com -i /home/vcsa.kazilabs.com.obj