Powershell get all users and RBAC roles associated

[matteu]

Hello,

I would like to get all the user with their RBAC permission on VB365 to use the admin console
With the GUI it's Menu -> Manage Users & roles -> Users and roles

I would like to be able to get the complete list of user / group + role assigned + MFA status

Then I would like to get the status and value for "Enable auto logoff after XX min of inactivity".

I don't find any powershell cmdlet for this.

Get-VBORbacRole is for restore operator if I understand it correctly.

[Mildur]

Hi Matteu,

I'll reach out to our VB365 team, but as far as I know, there is currently no API or PowerShell cmdlet available to retrieve this configuration.
Could you share the use case for your script? Understanding why you need to retrieve this information would help us determine how we can best address your request or consider changes to the product in the future.

As a unsupported workaround:
Information about <Added Users>, <MFA Configuration>, and <Auto Log Off Settings> is stored in tables within the PostgreSQL database. In theory, you could run a SELECT query against the PostgreSQL database (the table names are self-explanatory), but we do not support direct interaction with the database.

The hostname of the PostgreSQL server can be found in the config.xml file:
"C:\ProgramData\Veeam\Backup365\Config.xml"

Code: Select all

<Veeam>
  <Archiver>
    <ControllerPostgres ControllerConnectionString="host=HOSTNAME;port=5432;database=VeeamBackup365;username=postgres;MaxPoolSize=100;ConnectionIdleLifetime=10" />
  </Archiver>
</Veeam>

Best,
Fabian

[matteu]

Thanks for your answer

My use case is after implement a product on my customer, I give them a documentation with all the changes I implement.
If I added users, enable MFA... I would like to be able to get this information with the script I use today to automatically generate a complete documentation of the settings applied.

On VBR product, there is a cmdlet available for all of these options

[matteu]

I didn't mention it, but this could be a feature request

Then, I think I need to use both table to get what I want : settings + multi_factor_authentication_profiles + vbo_users
Settings content the value for MFA is enable or not
Then with VBO user you can know for which account ID the MFA is mandatory or if it's a service account
Finally with multi_factor_authentication_profiles you can have the users enrolled for MFA.

[matteu]

This is what I made for Veeam user + MFA status :
This will work on local postgres with default database name and postgreSQL installed in the default directory.

Code: Select all

$dburl="postgresql://postgres:@127.0.0.1:5432/VeeamBackup365"
$MFAEnableQuery="SELECT value FROM settings where key = 'MultiFactorAuthenticationConfig'" | & "C:\Program Files\PostgreSQL\15\bin\psql.exe" $dburl 
$MFAEnabled = if ($data -match '"IsEnabled":([^,]+),') {
    $matches[1]
}
$MFAUsersQuery="SELECT name,is_service_account FROM public.vbo_users order by is_service_account" | & "C:\Program Files\PostgreSQL\15\bin\psql.exe" $dburl 

$MFAEnabled
$MFAUsersQuery