It is pretty straight forward: it creates a VIRole of the given name in a destination vCenter, based on the name of a VIRole and source vCenter. This does involve the additional step of getting the VIPrivileges (handled in the function via Get-VIPrivilege) from the destination vCenter -- the PrivilegeList itself did not suffice. The function definition:
function Copy-VIRole { <# .Description Copy a role to another role, either in same vCenter or to a different vCenter This assumes that connections to source/destination vCenter(s) are already established. If role of given name already exists in destination vCenter, will stop. Author: vNugglets.com -- Jul 2013 .Example Copy-VIRole -SrcRoleName SysAdm -DestRoleName SysAdm_copyTest -SrcVCName vcenter.com -DestVCName labvcenter.com .Outputs VMware.VimAutomation.ViCore.Impl.V1.PermissionManagement.RoleImpl if role is created/updated, String in Warning stream and nothing in standard out otherwise #> param( ## source role name [parameter(Mandatory=$true)][string]$SrcRoleName_str, ## destination role name [parameter(Mandatory=$true)]$DestRoleName_str, ## source vCenter connection name [parameter(Mandatory=$true)]$SrcVCName_str, ## destination vCenter connection name [parameter(Mandatory=$true)]$DestVCName_str, ## WhatIf switch [switch]$WhatIf_sw ) ## end param ## get the VIRole from the source vCenter $oSrcVIRole = Get-VIRole -Server $SrcVCName_str -Name $SrcRoleName_str -ErrorAction:SilentlyContinue ## if the role does not exist in the source vCenter if ($null -eq $oSrcVIRole) {Write-Warning "VIRole '$DestRoleName_str' does not exist in source vCenter '$SrcVCName_str'. No source VIRole from which to copy. Exiting"; exit} ## see if there is VIRole by the given name in the destination vCenter $oDestVIRole = Get-VIRole -Server $DestVCName_str -Name $DestRoleName_str -ErrorAction:SilentlyContinue ## if the role already exists in the destination vCenter if ($null -ne $oDestVIRole) {Write-Warning "VIRole '$DestRoleName_str' already exists in destination vCenter '$DestVCName_str'. Exiting"; exit} ## else, create the role else { $strNewVIRoleExpr = 'New-VIRole -Server $DestVCName_str -Name $DestRoleName_str -Privilege (Get-VIPrivilege -Server $DestVCName_str -Id $oSrcVIRole.PrivilegeList){0}' -f $(if ($WhatIf_sw) {" -WhatIf"}) Invoke-Expression $strNewVIRoleExpr } ## end else } ## end function
An example of using the function to copy a role from one vCenter to another, with a new role name:
PS vN:\> Copy-VIRole -SrcRoleName MyRole0 -SrcVCName myvcenter.dom.com -DestRoleName MyNewRole -DestVCName vcenter2.dom.com Name IsSystem ---- -------- MyNewRole False PS vN:\> Get-VIRole MyNewRole -server vcenter2* Name IsSystem ---- -------- MyNewRole FalseOne can also use this function to clone a VIRole in the same vCenter -- just use the same vCenter for the Source and Destination vCenter parameters.
Note: this function expects/requires that the PowerCLI session already has a connection to each of the vCenter(s) (one or two) involved in the operation.
For another way of copying a VIRole (between separate vCenters, particularly), see Grzegorz's post at http://psvmware.wordpress.com/2012/07/19/clone-roles-between-two-virtual-center-servers/.
Enjoy.