How to Get VMware® Account Permissions

Native Solution vs. Netwrix Auditor for VMware
Native Solution
Netwrix Auditor for VMware
Steps
  1. Download the latest VMware® vSphere® PowerCLI™ installer from the Download page of the VMware® web site and install the PowerCLI software.
  2. Open the PowerShell ISE and create a new file with the following PowerShell script, specifying your own connection information, the report output path and the user name to collect the report for:

#Connection info
#The password is stored in plain text here; to avoid that, Connect-VIServer also accepts -Credential (Get-Credential)
$VIuser = 'DOMAIN\UserName'
$VIpass = 'Password'
$VIserver = '40.113.200.201'
$VIport = '443'
#Output path
$out = 'C:\VM_Permissions.csv'
#User to get report for
$user = 'DOMAIN\UserName'
#Connecting to vSphere
Connect-VIServer -Server $VIserver -Port $VIport -User $VIuser -Password $VIpass
#Collecting information: for every inventory object, keep the permissions whose principal is $user
$rep = foreach($vm in Get-Inventory){
   Get-VIPermission -Entity $vm | Where-Object {$_.Principal -eq $user} |
   Select-Object Principal, Role, Propagate, IsGroup,
   @{N='Object_ID';E={$vm.Id}},
   @{N='Object_Name';E={$vm.Name}},
   @{N='Uid';E={$vm.Uid}}
   }
#Writing the report
$rep | Export-Csv -Path $out -NoTypeInformation

  3. Open and review the resulting CSV report.
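
An added example, not part of the original how-to or of any Netwrix tooling: one way to carry out the review step in PowerShell, assuming the CSV has the columns written by the script above. The sample rows, the `Get-PermissionFinding` function name, and the choice of privileged roles and container types are assumptions made for illustration.

```powershell
# Constructed sample in the column layout written by the script above
# (Principal, Role, Propagate, IsGroup, Object_ID, Object_Name, Uid).
# To review a real report: $rows = Import-Csv -Path 'C:\VM_Permissions.csv'
$rows = @'
"Principal","Role","Propagate","IsGroup","Object_ID","Object_Name","Uid"
"DOMAIN\UserName","Admin","True","False","Folder-group-d1","Datacenters","/VIServer=sample/Folder=group-d1/"
"DOMAIN\UserName","ReadOnly","True","False","Datacenter-datacenter-2","DC-Example","/VIServer=sample/Datacenter=datacenter-2/"
"DOMAIN\UserName","ExampleVmOperator","False","False","VirtualMachine-vm-42","app-example-01","/VIServer=sample/VirtualMachine=vm-42/"
'@ | ConvertFrom-Csv

# Assumptions for this example: which roles count as privileged and which
# object types count as containers are local policy choices.
$PrivilegedRoles = @('Admin')
$ContainerTypes  = @('Folder', 'Datacenter', 'ClusterComputeResource', 'ResourcePool')

function Get-PermissionFinding {
    param([Parameter(Mandatory)][object[]]$Row)
    foreach ($r in $Row) {
        # Object_ID looks like '<Type>-<id>'; the type is the text before the first '-'
        $type = ($r.Object_ID -split '-', 2)[0]
        $reasons = @()
        if ($PrivilegedRoles -contains $r.Role) { $reasons += 'privileged role' }
        # Export-Csv writes booleans as the strings 'True'/'False'
        if ($r.Propagate -eq 'True' -and $ContainerTypes -contains $type) {
            $reasons += 'propagates from a container'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Principal  = $r.Principal
                Role       = $r.Role
                ObjectType = $type
                Object     = $r.Object_Name
                Reason     = $reasons -join '; '
            }
        }
    }
}

# Roles held by the account, with the number of rows each appears in
$rows | Group-Object Role | Select-Object Name, Count |
    Sort-Object Count -Descending | Format-Table -AutoSize

# Rows that deserve a closer look during attestation
Get-PermissionFinding -Row $rows | Format-Table -AutoSize
```

With the constructed rows, the first two are reported (the first for both reasons, the second for propagation only) and the virtual machine row is not.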

Netwrix Auditor for VMware
  1. Run Netwrix Auditor and navigate to Reports → Predefined → VMware → VMware - State-in-Time → Account Permissions in vCenter.
  2. Click View.
  3. Type the desired user name into the User (domain\account) filter and click View Report.
     
  • Clicking the Object path link opens a report that shows who has permissions to that object.
  • The Role link opens a detailed report on privileges for that role.
  • Clicking the Defined in link will show you accounts with explicit or inherited permissions on that object. 
     

Conduct regular permissions attestations to make sure each VMware account has proper access to your infrastructure

To protect your organization from breaches, business disruptions and compliance violations, you need to be scrupulous about protecting the data and applications in your VMware environment. That means implementing the two cornerstones of security: permissions management and auditing. Netwrix Auditor for VMware delivers both.

First, to minimize your attack surface area, the solution helps you limit permissions to the least-privilege level. In seconds, you can get a clear summary of all the VMware® vCenter® objects that a user or group has explicit or inherited permissions for, either directly or through group membership. In addition, you can easily analyze VMware permissions from different angles, such as:

  • All the permissions that a certain account or a group has
  • All accounts that have permissions to a specific VMware object
  • All permissions assigned to a particular role  

Netwrix Auditor also enables you to keep close tabs on changes to your virtual infrastructure without plodding through VMware logs. You can produce clear reports in a few clicks, quickly investigate suspicious activity using interactive search, and even get alerted to critical changes so you can respond in time to prevent a breach.
