Maintain control of your Microsoft 365 data
Post Reply
matteu
Veeam Legend
Posts: 886
Liked: 139 times
Joined: May 11, 2018 8:42 am
Contact:

Powershell get all users and RBAC roles associated

Post by matteu »

Hello,

I would like to get all the user with their RBAC permission on VB365 to use the admin console
With the GUI it's Menu -> Manage Users & roles -> Users and roles

I would like to be able to get the complete list of user / group + role assigned + MFA status

Then I would like to get the status and value for "Enable auto logoff after XX min of inactivity".

I don't find any powershell cmdlet for this.

Get-VBORbacRole is for restore operator if I understand it correctly.
Mildur
Product Manager
Posts: 10910
Liked: 2984 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: Powershell get all users and RBAC roles associated

Post by Mildur »

Hi Matteu,

I'll reach out to our VB365 team, but as far as I know, there is currently no API or PowerShell cmdlet available to retrieve this configuration.
Could you share the use case for your script? Understanding why you need to retrieve this information would help us determine how we can best address your request or consider changes to the product in the future.

As a unsupported workaround:
Information about <Added Users>, <MFA Configuration>, and <Auto Log Off Settings> is stored in tables within the PostgreSQL database. In theory, you could run a SELECT query against the PostgreSQL database (the table names are self-explanatory), but we do not support direct interaction with the database.

The hostname of the PostgreSQL server can be found in the config.xml file:
"C:\ProgramData\Veeam\Backup365\Config.xml"

Code: Select all

<Veeam>
  <Archiver>
    <ControllerPostgres ControllerConnectionString="host=HOSTNAME;port=5432;database=VeeamBackup365;username=postgres;MaxPoolSize=100;ConnectionIdleLifetime=10" />
  </Archiver>
</Veeam>
Best,
Fabian
Product Management Analyst @ Veeam Software
matteu
Veeam Legend
Posts: 886
Liked: 139 times
Joined: May 11, 2018 8:42 am
Contact:

Re: Powershell get all users and RBAC roles associated

Post by matteu »

Thanks for your answer :)

My use case is after implement a product on my customer, I give them a documentation with all the changes I implement.
If I added users, enable MFA... I would like to be able to get this information with the script I use today to automatically generate a complete documentation of the settings applied.

On VBR product, there is a cmdlet available for all of these options :)
matteu
Veeam Legend
Posts: 886
Liked: 139 times
Joined: May 11, 2018 8:42 am
Contact:

Re: Powershell get all users and RBAC roles associated

Post by matteu »

I didn't mention it, but this could be a feature request :)

Then, I think I need to use both table to get what I want : settings + multi_factor_authentication_profiles + vbo_users
Settings content the value for MFA is enable or not
Then with VBO user you can know for which account ID the MFA is mandatory or if it's a service account
Finally with multi_factor_authentication_profiles you can have the users enrolled for MFA.
matteu
Veeam Legend
Posts: 886
Liked: 139 times
Joined: May 11, 2018 8:42 am
Contact:

Re: Powershell get all users and RBAC roles associated

Post by matteu »

This is what I made for Veeam user + MFA status :
This will work on local postgres with default database name and postgreSQL installed in the default directory.

Code: Select all

$dburl="postgresql://postgres:@127.0.0.1:5432/VeeamBackup365"
$MFAEnableQuery="SELECT value FROM settings where key = 'MultiFactorAuthenticationConfig'" | & "C:\Program Files\PostgreSQL\15\bin\psql.exe" $dburl 
$MFAEnabled = if ($data -match '"IsEnabled":([^,]+),') {
    $matches[1]
}
$MFAUsersQuery="SELECT name,is_service_account FROM public.vbo_users order by is_service_account" | & "C:\Program Files\PostgreSQL\15\bin\psql.exe" $dburl 

$MFAEnabled
$MFAUsersQuery
Post Reply

Who is online

Users browsing this forum: No registered users and 11 guests