With PowerCLI, you can automate management of vSphere permissions, roles, and privileges.
Note: vSphere permissions determine your level of access to vCenter Server and ESXi hosts. Privileges define individual rights to perform actions and access object properties. Roles are predefined sets of privileges.
Prerequisites
Verify that you are connected to a vCenter Server system.
Procedure
- Get the privileges of the Readonly role.
$readOnlyPrivileges = Get-VIPrivilege -Role Readonly
- Create a new role with custom privileges.
$role1 = New-VIRole -Privilege $readOnlyPrivileges -Name Role1
- Add the PowerOn privileges to the new role.
$powerOnPrivileges = Get-VIPrivilege -Name "PowerOn"
$role1 = Set-VIRole -Role $role1 -AddPrivilege $powerOnPrivileges
- Create a permission and apply it to a vSphere root object.
$rootFolder = Get-Folder -NoRecursion
$permission1 = New-VIPermission -Entity $rootFolder -Principal "user" -Role readonly -Propagate $true
The Principal parameter accepts both local and domain users and groups if the vCenter Server system is joined to AD.
- Update the new permission with the custom role.
$permission1 = Set-VIPermission -Permission $permission1 -Role $role1
Results
You created a new role and assigned permissions to a user.
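The procedure ends with a propagating permission on the root folder, so Role1's added privileges apply to every child object. The following review check is an added example, not VMware's code: the function name `Find-InventoryWidePermission`, its parameters, and the sample rows are hypothetical and constructed for illustration. It reports which root-level propagating permissions carry privileges beyond the ReadOnly baseline.

```powershell
# Added example: flag permissions set on the root folder with propagation
# whose role grants privileges beyond a baseline role (ReadOnly by default).
function Find-InventoryWidePermission {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Permission,
        [Parameter(Mandatory)] [string]    $RootEntityId,
        [Parameter(Mandatory)] [hashtable] $RolePrivileges,  # role name -> privilege IDs
        [string] $BaselineRole = 'ReadOnly'
    )
    process {
        # Only permissions on the root object that propagate to children matter here.
        if ($Permission.EntityId -ne $RootEntityId -or -not $Permission.Propagate) { return }

        $baseline = @($RolePrivileges[$BaselineRole])
        $extra = @($RolePrivileges[$Permission.Role] |
                   Where-Object { $_ -and $_ -notin $baseline })

        if ($extra.Count -gt 0) {
            [pscustomobject]@{
                Principal       = $Permission.Principal
                Role            = $Permission.Role
                ExtraPrivileges = $extra -join ', '
            }
        }
    }
}

# Constructed sample data shaped like Get-VIRole / Get-VIPermission output.
$roles = @{
    ReadOnly = @('System.Anonymous', 'System.Read', 'System.View')
    Role1    = @('System.Anonymous', 'System.Read', 'System.View',
                 'VirtualMachine.Interact.PowerOn')
}
$sample = @(
    [pscustomobject]@{ EntityId = 'Folder-group-d1'; Principal = 'user';  Role = 'Role1';    Propagate = $true }
    [pscustomobject]@{ EntityId = 'Folder-group-d1'; Principal = 'audit'; Role = 'ReadOnly'; Propagate = $true }
    [pscustomobject]@{ EntityId = 'Folder-group-v9'; Principal = 'ops';   Role = 'Role1';    Propagate = $true }
)
$sample | Find-InventoryWidePermission -RootEntityId 'Folder-group-d1' -RolePrivileges $roles

# Against a live session (assumes Connect-VIServer has already been run):
# $roles = @{}; Get-VIRole | ForEach-Object { $roles[$_.Name] = $_.PrivilegeList }
# Get-VIPermission |
#     Find-InventoryWidePermission -RootEntityId (Get-Folder -NoRecursion).Id -RolePrivileges $roles
```

If power-on rights are needed only for a subset of virtual machines, passing a narrower folder to the Entity parameter of New-VIPermission keeps the grant off the rest of the inventory.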