Vmware Automation - PowerCli unable to Retrieve Tags

Well, I’ve had an idea for a simple automation to restart some servers in a VMWare environment in my mind for a long time. Last week I decided to start it and give it a go no matter what. For the 1st step, started running some experiments with PowerCli instead of Ansible hoping to combine both of them to get the final result. That’s when I ran into some issue.

I started by deploying PowerShell Core to a Linux CentOS 7 VM and deploying PowerCli on top of that. Then Connecting to the vCenter server via that.

No matter what permission I granted to the newly created user via vCenter web, it didn’t have the right permissions to read the tag and threw out below error. I spend an entire night trying to solve this without much luck. I couldn’t find “System.Read” permissions anywhere in roles to assign them.

After doing much-needed research the next morning, I came up with the below PowerShell script to create role and grant permissions to reset, on, off, read and view for the whole cluster. Change the root folder variable if you need to apply it only to a specific folder.

Just Writing this out in hope to create a note and someone might find it usefull.

#change varibales as needed for role name & account principal Role Name
$USER_NAME = 'doimain(local or AD)\USERNAME'
$Role_Name = 'AUTOMATION_RESTART'

$rootFolder = Get-Folder -NoRecursion

$vCenter_Privileges = @(
'System.Read',
'System.View',
'VirtualMachine.Interact.PowerOff',
'VirtualMachine.Interact.PowerOn',
'VirtualMachine.Interact.Reset')

New-VIRole -Name $Role_Name -Privilege (Get-VIPrivilege -ID $vCenter_Privileges) | Out-Null

New-VIPermission -Entity $rootFolder -Principal $USER_NAME -Role $Role_Name -Propagate:$true | Out-Null