VMware Role Tool to Verify Permissions to the Roles

  • 7018547
  • 30-Jan-2017
  • 30-Jan-2017

Environment

PlateSpin Migrate 12.x
PlateSpin Protect 11.x

Situation

This article discusses about how to use the PlateSpin VMware role tool to verify, modify, or create permission for the VMware roles.

Resolution

See the instructions below to use the VMware role tool.


Tool Execution:

Execute the following command using the suggested parameters:

PlateSpin.VMwareRoleTool.exe /host=[ip address of vcenter or esx host] /user=[username] /role=PlateSpinRole.xml /interactive


Parameter Explanation:

/host – IP address of the VMWare Server
/user – User name of an administrator account. 
/role -  File name of the file that provides the role's permissions. Use the PlateSpinRole.xml file unless you are advised to use a different file.
/interactive – Runs the command shell for the tool. This is the recommended option for running the tool as provides a menu to execute various options within a single execution of the tool.
/help – Displays information on additional parameters not described here


Tool Menu:

The tool menu contains two the top level options when ran in interactive mode (/interactive).

Main Menu:

Select a PlateSpin Role
Display Server Defined Privileges

This first option is for Select a PlateSpin Role



Under Select a PlateSpin Role, menu option for the roles:

PlateSpin Virtual Machine Manager
PlateSpin Virtual Infrastructure Manager
PlateSpin User



Once the PlateSpin role is selected, the options for the roles are:

Create Role - This option will create the selected role with the required permissions listed in the PlatespinRole.xml file.
Compare with existing Role – This option will allow you to verify if an existing role is compatible with the selected PlateSpin Role.
List existing compatible Roles – This option will display a list of all existing roles that are compatible with the selected PlateSpin Role.





The second option in the root menu (Display Server Defined Privileges) simply displays a list of defined privileges on the server. To view the complete list of privileges it may be necessary to press the space bar.



PlateSpin Role Tool:


The steps for PlateSpin Virtual Manager or PlateSpin Virtual Infrastructure Manger roles are the same as the PlateSpin User Roles.  To create, compare or list the PlateSpin Roles,  execute the tool.

Execute the following command using the suggested parameters:



This first option is for Select a PlateSpin Role

Under Select a PlateSpin Role, menu option for the roles:
Select PlateSpin Virtual Machine Manager
Select Compare with existing roles
Then selecting a role to compare and press Enter





Create Role:

     1.  To create the desired role select, “Select a PlateSpin Role”.
     2.  Select the PlateSpin User role.
     3.  Select “Create Role”.
     4.  Press Enter when prompted to return to the action menu.

     Note: If the “PlateSpin User” was already created, a message stating it already exists will be displayed.

Compare with existing Roles:

     1.  From the action menu select ,”Compare with existing Roles”.
     2.  Select an existing role to compare to the PlateSpin configured roles.  If the existing role is compatible, you will be notified with a message "Role "<your role>" is compatible with "<selected PlateSpin role>"
     3.  Repeat the same process for any other roles you want to query. 
     4.  Press enter to scroll through the listed privileges and return to the Actions menu.

List existing compatible roles:

     1.  Select “List existing compatible roles” and press enter to show the compatible roles. As expected, the Admin is compatible to the PlateSpin User.
     2.  Press enter to return to the actions menu.
     3.  Press escape to return to the PlateSpin Roles menu to check another role Or press escape to return to the top menu.
     4.  To exit the program hit [ESC] as required until the program exits.