Functions/Public/Set-AMSystemPermission.ps1
|
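function Set-AMSystemPermission {
    <#
        .SYNOPSIS
            Modifies the system permissions assigned to a user or group on an Automate server.

        .DESCRIPTION
            Set-AMSystemPermission updates an existing system permission object on the Automate server.
            Only the permissions named on the command line are changed; every other permission keeps its current value.
            Use -Name to allow a permission and -Name:$false to deny it.
            -FullControl sets every permission to allow and takes precedence over individual switches.
            Permissions that depend on a server feature (Revision Management, Credentials) are only applied
            when the target connection supports that feature.

        .PARAMETER InputObject
            The system permission object to modify.

        .PARAMETER FullControl
            Sets all permissions to allow for the specified user(s) or group(s).

        .PARAMETER Deploy
            Allow or deny permission to deploy agents onto remote computers.

        .PARAMETER EditCredentials
            Allow or deny permission to edit credentials.

        .PARAMETER EditCredentialsConnections
            Allow or deny permission to edit credentials connections.

        .PARAMETER EditDashboard
            Allow or deny permission to edit the dashboard panel.

        .PARAMETER EditDefaultProperties
            Allow or deny permission to edit default properties.

        .PARAMETER EditLicensing
            Allow or deny permission to edit product license information.

        .PARAMETER EditPreferences
            Allow or deny permission to edit preferences.

        .PARAMETER EditRevisionManagement
            Allow or deny permission to edit the Revision Management information.

        .PARAMETER EditServerSettings
            Allow or deny permission to edit server level settings.

        .PARAMETER ToggleTriggering
            Allow or deny permission to turn global triggering on or off.

        .PARAMETER ViewCalendar
            Allow or deny permission to view the calendar of previous and future events.

        .PARAMETER ViewCredentials
            Allow or deny permission to view credentials.

        .PARAMETER ViewCredentialsConnections
            Allow or deny permission to view credentials connections.

        .PARAMETER ViewDashboard
            Allow or deny permission to view the dashboard panel of SMC.

        .PARAMETER ViewDefaultProperties
            Allow or deny permission to view default properties which affect the behavior of individual workflows, tasks, agents, and other objects.

        .PARAMETER ViewLicensing
            Allow or deny permission to view product license information.

        .PARAMETER ViewPreferences
            Allow or deny permission to view preferences which affect an assortment of visual and operational characteristics in SMC.

        .PARAMETER ViewRecycleBin
            Allow or deny permission to view the recycle bin.

        .PARAMETER ViewReports
            Allow or deny permission to view reports, including charts and tables.

        .PARAMETER ViewRevisionManagement
            Allow or deny permission to view the Revision Management information.

        .PARAMETER ViewServerSettings
            Allow or deny permission to view server level settings, such as Data Store, Load Management, SQL Connections and more.

        .EXAMPLE
            # Gives user 'John' full control
            Get-AMUser -Name "John" | Get-AMSystemPermission | Set-AMSystemPermission -FullControl

        .LINK
            https://github.com/AutomatePS/AutomatePS/blob/master/Docs/New-AMSystemPermission.md
    #>
    # NOTE(review): this cmdlet grants server-wide privileges (including viewing and editing
    # credentials), yet ConfirmImpact is "Low", so it will not prompt under the default
    # $ConfirmPreference. Left unchanged here because raising it would alter interactive
    # behaviour for existing callers; run with -WhatIf / -Confirm when granting -FullControl.
    [CmdletBinding(SupportsShouldProcess=$true,ConfirmImpact="Low")]
    param (
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $InputObject,

        [switch]$FullControl = $false,
        [switch]$Deploy = $false,
        [switch]$EditCredentials = $false,
        [switch]$EditCredentialsConnections = $false,
        [switch]$EditDashboard = $false,
        [switch]$EditDefaultProperties = $false,
        [switch]$EditLicensing = $false,
        [switch]$EditPreferences = $false,
        [switch]$EditRevisionManagement = $false,
        [switch]$EditServerSettings = $false,
        [switch]$ToggleTriggering = $false,
        [switch]$ViewCalendar = $false,
        [switch]$ViewCredentials = $false,
        [switch]$ViewCredentialsConnections = $false,
        [switch]$ViewDashboard = $false,
        [switch]$ViewDefaultProperties = $false,
        [switch]$ViewLicensing = $false,
        [switch]$ViewPreferences = $false,
        [switch]$ViewRecycleBin = $false,
        [switch]$ViewReports = $false,
        [switch]$ViewRevisionManagement = $false,
        [switch]$ViewServerSettings = $false
    )

    BEGIN {
        # Switch parameter name -> property name on the system permission object.
        # Permissions that are applied on every connection.
        $alwaysAvailable = [ordered]@{
            Deploy                = "DeployPermission"
            EditDashboard         = "EditDashboardPermission"
            EditDefaultProperties = "EditDefaultPropertiesPermission"
            EditLicensing         = "EditLicensingPermission"
            EditPreferences       = "EditPreferencesPermission"
            EditServerSettings    = "EditServerSettingsPermission"
            ToggleTriggering      = "ToggleTriggeringPermission"
            ViewCalendar          = "ViewCalendarPermission"
            ViewDashboard         = "ViewDashboardPermission"
            ViewDefaultProperties = "ViewDefaultPropertiesPermission"
            ViewLicensing         = "ViewLicensingPermission"
            ViewPreferences       = "ViewPreferencesPermission"
            ViewReports           = "ViewReportsPermission"
            ViewServerSettings    = "ViewServerSettingsPermission"
        }
        # Applied only when the connection supports the RevisionManagement feature.
        $revisionManagementOnly = [ordered]@{
            EditRevisionManagement = "EditRevisionManagementPermission"
            ViewRevisionManagement = "ViewRevisionManagementPermission"
            ViewRecycleBin         = "ViewRecycleBinPermission"
        }
        # Applied only when the connection supports the Credentials feature.
        # The *CredentialsConnections switches map to the *VaultConnections properties.
        $credentialsOnly = [ordered]@{
            EditCredentials            = "EditCredentialsPermission"
            EditCredentialsConnections = "EditVaultConnectionsPermission"
            ViewCredentials            = "ViewCredentialsPermission"
            ViewCredentialsConnections = "ViewVaultConnectionsPermission"
        }

        # Resolve the requested value of every permission once, up front.
        # Previously -FullControl only overwrote the local switch variables, while the
        # PROCESS block looked at $PSBoundParameters, so -FullControl on its own changed
        # nothing. FullControl still wins over an explicitly bound switch, as before.
        $requested = @{}
        $allNames = @($alwaysAvailable.Keys) + @($revisionManagementOnly.Keys) + @($credentialsOnly.Keys)
        foreach ($name in $allNames) {
            if ($FullControl.IsPresent) {
                $requested[$name] = $true
            } elseif ($PSBoundParameters.ContainsKey($name)) {
                $requested[$name] = $PSBoundParameters[$name].IsPresent
            }
        }
    }

    PROCESS {
        foreach ($obj in $InputObject) {
            if ($obj.Type -notin @("SystemPermission")) {
                Write-Error -Message "Unsupported input type '$($obj.Type)' encountered!" -TargetObject $obj
                continue
            }

            $connection = Get-AMConnection -ConnectionAlias $obj.ConnectionAlias
            # Re-read the principal and its permission from the server so the update is
            # applied on top of the current state rather than the (possibly stale) input.
            $principal = Get-AMObject -Id $obj.GroupID -Types User,UserGroup
            $updateObject = $principal | Get-AMSystemPermission
            if ($null -eq $updateObject) {
                # Without this guard the property assignments below would fail on $null.
                Write-Error -Message "Could not retrieve the system permission for principal ID '$($obj.GroupID)'!" -TargetObject $obj
                continue
            }

            # Feature-gated permissions are silently skipped on servers that lack the feature.
            $maps = @($alwaysAvailable)
            if (Test-AMFeatureSupport -Connection $connection -Feature RevisionManagement -Action Ignore) {
                $maps += $revisionManagementOnly
            }
            if (Test-AMFeatureSupport -Connection $connection -Feature Credentials -Action Ignore) {
                $maps += $credentialsOnly
            }

            $shouldUpdate = $false
            foreach ($map in $maps) {
                foreach ($name in $map.Keys) {
                    if (-not $requested.ContainsKey($name)) { continue }
                    $property = $map[$name]
                    if ($updateObject.$property -ne $requested[$name]) {
                        $updateObject.$property = $requested[$name]
                        $shouldUpdate = $true
                    }
                }
            }

            if (-not $shouldUpdate) {
                # $shouldUpdate used to be computed and then ignored, so an update was posted
                # even when nothing changed. Skip the write but still emit the current object
                # so pipeline output is preserved.
                Write-Verbose "System permission for $($principal.Type) '$($principal.Name)' already contains the specified values."
                $updateObject
                continue
            }

            # Plain assignment: the previous '$splat += @{...}' failed on the second piped
            # object because the keys already existed in the hashtable.
            $splat = @{
                Resource   = "/system_permissions/$($updateObject.ID)/update"
                RestMethod = "Post"
                Body       = $updateObject.ToJson()
                Connection = $obj.ConnectionAlias
            }
            if ($PSCmdlet.ShouldProcess($connection.Name, "Updating system permission for: $(Join-Path -Path $principal.Path -ChildPath $principal.Name)")) {
                Invoke-AMRestMethod @splat | Out-Null
                Write-Verbose "Assigned system permissions to $($principal.Type) '$($principal.Name)'!"
                # Return the permission as stored on the server after the update.
                Get-AMSystemPermission -ID $updateObject.ID
            }
        }
    }
}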