by Grzegorz Kulikowski

This is only useful if you run into problems with VC; if everything is OK, the PowerCLI cmdlet is more than enough for managing permissions. I could not do it via the PowerCLI cmdlet because I was receiving an error (user already exists, which is sort of true, but that was due to the 'issue' I had).
Kudos to William Lam. He was describing accessing other methods; a really helpful article for what I had to do.
Via PowerShell you call the methods in the same way as you would via the MOB (in your web browser).
The way I did this particular one: first log in to VC, then get the permissions into a variable, so: $perms = Get-VIPermission
Then you call it, for example: readd-permission -permission $perms[4]
It would transform the [domain]\username to []\username and later on add the permission on exactly the same object, in the same way as the permission you are sending was built. I also left one parameter in case you want to edit the username on the fly, so with -user 'shortdomain\username' you will be replacing the current user on the permission you sent to the function.
I don't want to go too deep into the issue I had, but all in all I had issues with not being able to search entities (any kind: VM, network, datastore, host).
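[sourcecode language="powershell"]
function readd-permission {
    param($permission, $user)
    # Assumption: the lines setting $entity, $udomain and $vcenter are missing from this page; these are stand-ins.
    $entity = $permission.EntityId
    if (-not $user) { $user = $permission.Principal }
    $udomain = $user.Split('\')[0]
    $vcenter = $global:DefaultVIServer.Name
    $domain = (((([ADSI]"LDAP://$udomain").DistinguishedName).Split('DC=')).replace(',','') |?{$_}) -join '.'
    [regex]$pattern = '-'
    $goodentity = [uri]::EscapeDataString($pattern.replace($entity,':',1))
    $mob_url = "https://$vcenter/invsvc/mob3/?moid=authorizationService&method=AuthorizationService.AddAccessControlList"
    $sessionnonce = (Invoke-WebRequest -Uri $mob_url -SessionVariable vmware -Credential $cred -Method GET).inputfields[0].value
    $iuuid = $global:DefaultVIServer.InstanceUuid
    # The contents of this here-string (the POST form fields) are missing from this page.
    $body = @"
"@
    Invoke-WebRequest -Uri $mob_url -WebSession $vmware -Method POST -Body $body
    $result = (get-view -id $entity).permission
    return $result
}
[/sourcecode]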

Before running this, you need the $cred variable prepared and the SSL certificate issue ignored:
[sourcecode language="powershell"]
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;

public class IDontCarePolicy : ICertificatePolicy {
    public IDontCarePolicy() {}
    public bool CheckValidationResult(
        ServicePoint sPoint, X509Certificate cert,
        WebRequest wRequest, int certProb) {
        return true;
    }
}
"@
# Accepts any certificate for every HTTPS request made from this PowerShell session.
[System.Net.ServicePointManager]::CertificatePolicy = new-object IDontCarePolicy
$cred = get-credential
[/sourcecode]
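
The policy above trusts any certificate, so $cred is sent to whatever server answers on that name. As an added example (not code from the original post), here is a narrower policy that still passes normally trusted certificates but otherwise accepts only the one self-signed vCenter certificate you expect, pinned by thumbprint. The class name PinnedCertPolicy and the thumbprint placeholder are assumptions, and like the original it targets Windows PowerShell on .NET Framework.

```powershell
# Added example: pin the expected vCenter certificate instead of trusting everything.
Add-Type @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class PinnedCertPolicy {
    public static string HostName;     // the only host the exception applies to
    public static string Thumbprint;   // expected SHA-1 thumbprint, hex, no separators

    public static bool Validate(object sender, X509Certificate cert,
                                X509Chain chain, SslPolicyErrors errors) {
        // Certificates that pass normal validation are accepted as usual.
        if (errors == SslPolicyErrors.None) return true;

        // Otherwise accept only the pinned certificate, and only for the pinned host.
        HttpWebRequest req = sender as HttpWebRequest;
        if (req == null || cert == null) return false;
        if (!string.Equals(req.RequestUri.Host, HostName,
                           StringComparison.OrdinalIgnoreCase)) return false;
        return string.Equals(cert.GetCertHashString(), Thumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }

    public static void Enable(string host, string thumbprint) {
        HostName = host;
        Thumbprint = thumbprint.Replace(":", "").Replace(" ", "");
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static void Disable() {
        // Restore default certificate validation for the rest of the session.
        ServicePointManager.ServerCertificateValidationCallback = null;
    }
}
"@

# Placeholder: replace with the thumbprint read from the vCenter certificate
# over a channel you trust (for example the appliance console).
$expectedThumbprint = '<VCENTER-CERT-SHA1-THUMBPRINT>'

[PinnedCertPolicy]::Enable($global:DefaultVIServer.Name, $expectedThumbprint)
$cred = Get-Credential
# ... run readd-permission here ...
[PinnedCertPolicy]::Disable()
```

The callback is compiled C# rather than a PowerShell script block because .NET invokes it on threads that have no PowerShell runspace.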
