How to Get VMware® Account Permissions

Native Solution vs. Netwrix Auditor for VMware
{{ firstError }}
We care about security of your data. Privacy Policy
Native Solution Netwrix Auditor for VMware
Native Solution
Netwrix Auditor for VMware
  1. Download the latest VMware® vSphere® PowerCLI™ installer from the Download page of the VMware® web site and install the PowerCLI software.
  2. Open the PowerShell ISE and create a new file with the following PowerShell script, specifying your own connection information, the report output path and the user name to collect report for:

#Connection info 
$VIuser = 'DOMAIN\UserName' 
$VIpass = 'Password' 
$VIserver = '' 
$VIport = '443' 
#Output path 
$out = 'C:\VM_Permissions.csv' 
#User to get report for  
$user = 'DOMAIN\UserName' 
#Connecting to vSphere 
Connect-VIServer -Server $VIserver -Port $VIport -User $VIuser -Password $VIpass 
#Collecting information 
$rep = foreach($vm in Get-Inventory){ 
   Get-VIPermission -Entity $vm|Where-Object {$_.Principal -eq $user}| 
   Select Principal,Role, Propagate,IsGroup,  
$rep |Export-Csv -Path $out -NoTypeInformation

  1. Open and review the resulting CSV report:
  1. Run Netwrix Auditor and navigate to Reports Predefined VMware VMware -State-in-TimeAccount Permissions in vCenter.
  2. Click View.
  3. Type the desired user name into the User (domain\account) filter and click View Report
  • Clicking the Object path link opens a report that shows who has permissions to that object.
  • The Role link opens a detailed report on privileges for that role.
  • Clicking the Defined in link will show you accounts with explicit or inherited permissions on that object. 

Conduct regular permissions attestations to make sure each VMware account has proper access to your infrastructure

To protect your organization from breaches, business disruptions and compliance violations, you need to be scrupulous about protecting the data and applications in your VMware environment. That means implementing the two cornerstones of security: permissions management and auditing. Netwrix Auditor for VMware delivers both.

First, to minimize your attack surface area, the solution to helps you limit permissions to the least-privilege level. In seconds, you can get a clear summary of all the VMware® vCenter® objects that user or group has explicit or inherited permissions for, either directly or through group membership. In addition, you can easily analyze VMware permissions from different angles, such as:

  • All the permissions that a certain account or a group has
  • All accounts that have permissions to a specific VMware object
  • All permissions assigned to a particular role  

In addition, Netwrix Auditor also enables you to keep close tabs on changes to your virtual infrastructure — without plodding through VMware logs. You can produce clear reports in a few clicks, quickly investigate suspicious activity using interactive search, and even get alerted to critical changes so you can respond in time to prevent a breach.

Related How-tos