vmware_object_role_permission – Manage local roles on an ESXi host¶
New in version 2.8.
Synopsis¶
This module can be used to manage object permissions on the given host.
Requirements¶
The below requirements are needed on the host that executes this module.
python >= 2.7
PyVmomi
Parameters¶
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
group
-
|
The group to be assigned permission.
Required if
principal is not specified. |
|
|
hostname
string
|
The hostname or IP address of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable
VMWARE_HOST will be used instead.Environment variable support added in Ansible 2.6.
|
|
|
object_name
-
/ required
|
The object name to assigned permission.
|
|
|
object_type
-
|
|
The object type being targeted.
|
|
password
string
|
The password of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable
VMWARE_PASSWORD will be used instead.Environment variable support added in Ansible 2.6.
aliases: pass, pwd |
|
|
port
integer
added in 2.5 |
Default: 443
|
The port number of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable
VMWARE_PORT will be used instead.Environment variable support added in Ansible 2.6.
|
|
principal
-
|
The user to be assigned permission.
Required if
group is not specified. |
|
|
recursive
boolean
|
|
Should the permissions be recursively applied.
|
|
role
-
/ required
|
The role to be assigned permission.
|
|
|
state
-
|
|
Indicate desired state of the object's permission.
When
state=present, the permission will be added if it doesn't already exist.When
state=absent, the permission is removed if it exists. |
|
username
string
|
The username of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable
VMWARE_USER will be used instead.Environment variable support added in Ansible 2.6.
aliases: admin, user |
|
|
validate_certs
boolean
|
|
Allows connection when SSL certificates are not valid. Set to
false when certificates are not trusted.If the value is not specified in the task, the value of environment variable
VMWARE_VALIDATE_CERTS will be used instead.Environment variable support added in Ansible 2.6.
If set to
yes, please make sure Python >= 2.7.9 is installed on the given machine. |
Notes¶
Note
Tested on ESXi 6.5, vSphere 6.7
The ESXi login user must have the appropriate rights to administer permissions.
Permissions for a distributed switch must be defined and managed on either the datacenter or a folder containing the switch.
Examples¶
- name: Assign user to VM folder
vmware_object_role_permission:
role: Admin
principal: user_bob
object_name: services
state: present
delegate_to: localhost
- name: Remove user from VM folder
vmware_object_role_permission:
role: Admin
principal: user_bob
object_name: services
state: absent
delegate_to: localhost
- name: Assign finance group to VM folder
vmware_object_role_permission:
role: Limited Users
group: finance
object_name: Accounts
state: present
delegate_to: localhost
- name: Assign view_user Read Only permission at root folder
vmware_object_role_permission:
role: ReadOnly
principal: view_user
object_name: rootFolder
state: present
delegate_to: localhost
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
changed
boolean
|
always |
whether or not a change was made to the object's role
|
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]