vmware_object_role_permission – Manage local roles on an ESXi host
New in version 2.8.
Synopsis
- This module can be used to manage object permissions on the given host.
Requirements
The below requirements are needed on the host that executes this module.
- python >= 2.7
- PyVmomi
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| group - | The group to be assigned permission. Required if principal is not specified. | |
| hostname string | The hostname or IP address of the vSphere vCenter or ESXi server. If the value is not specified in the task, the value of environment variable VMWARE_HOST will be used instead.Environment variable support added in Ansible 2.6. | |
| object_name - / required | The object name to assigned permission. | |
| object_type - |
| The object type being targeted. |
| password string | The password of the vSphere vCenter or ESXi server. If the value is not specified in the task, the value of environment variable VMWARE_PASSWORD will be used instead.Environment variable support added in Ansible 2.6. aliases: pass, pwd | |
| port integer added in 2.5 | Default: 443 | The port number of the vSphere vCenter or ESXi server. If the value is not specified in the task, the value of environment variable VMWARE_PORT will be used instead.Environment variable support added in Ansible 2.6. |
| principal - | The user to be assigned permission. Required if group is not specified. | |
| recursive boolean |
| Should the permissions be recursively applied. |
| role - / required | The role to be assigned permission. | |
| state - |
| Indicate desired state of the object's permission. When state=present, the permission will be added if it doesn't already exist.When state=absent, the permission is removed if it exists. |
| username string | The username of the vSphere vCenter or ESXi server. If the value is not specified in the task, the value of environment variable VMWARE_USER will be used instead.Environment variable support added in Ansible 2.6. aliases: admin, user | |
| validate_certs boolean |
| Allows connection when SSL certificates are not valid. Set to false when certificates are not trusted.If the value is not specified in the task, the value of environment variable VMWARE_VALIDATE_CERTS will be used instead.Environment variable support added in Ansible 2.6. If set to yes, please make sure Python >= 2.7.9 is installed on the given machine. |
Notes
Note
- Tested on ESXi 6.5, vSphere 6.7
- The ESXi login user must have the appropriate rights to administer permissions.
- Permissions for a distributed switch must be defined and managed on either the datacenter or a folder containing the switch.
Examples
- name: Assign user to VM folder
vmware_object_role_permission:
role: Admin
principal: user_bob
object_name: services
state: present
delegate_to: localhost
- name: Remove user from VM folder
vmware_object_role_permission:
role: Admin
principal: user_bob
object_name: services
state: absent
delegate_to: localhost
- name: Assign finance group to VM folder
vmware_object_role_permission:
role: Limited Users
group: finance
object_name: Accounts
state: present
delegate_to: localhost
- name: Assign view_user Read Only permission at root folder
vmware_object_role_permission:
role: ReadOnly
principal: view_user
object_name: rootFolder
state: present
delegate_to: localhost
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| changed boolean | always | whether or not a change was made to the object's role |
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Derek Rushing (@kryptsi)
- Joseph Andreatta (@vmwjoseph)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/vmware_object_role_permission_module.html