Bug in PowerCLI 4.1.1: Set-VIRole

I was trying to set up some permissions on vCenter Server using PowerCLI. Here is an example of a command I was running:

foreach ($role in 'Host','Virtual Machine','VMware vCenter Update Manager') {
Set-VIRole Role (Get-VIRole -Name ) -AddPrivilege (Get-VIPrivilege -Name 'Virtual machine')
}

PowerCLI returned the following:

WARNING: There were one or more problems with the server certificate:
* The X509 chain could not be built up to the root certificate.
* The certificate’s CN name does not match the passed value.
Name IsSystem
—- ——–
newTestRole False
newTestRole False
newTestRole False

This looks like it worked, however upon looking at the permissions on vCenter Server, the checkboxes for these three options were not selected. If you attempt the command with any other permissions it works as expected (i.e. the checkboxes are selected).
Why was this not working?

While I was unable to figure it out, I was able to find a workaround. My workaround was to select all of the sub-options under option that was not working. For example, instead of adding a privilege for Host, add privileges for CIM, Configuration, Inventory, and Local operations. Since these four options make up the Host group, the Host group gets selected as well.
Update: LucD overall on the VMware communities pointed out this is an issue with double nested permissions. More information available at: http://communities.vmware.com/message/1693685

© 2011, Steve Flanders. All rights reserved.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top