Functions/Get-MCASAdminAccess.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
<#
.Synopsis
   Lists the administrators that have been granted access to the MCAS portal via an MCAS role. (Does not include admins with Azure AD admin roles, like Global Admin.)
.DESCRIPTION
   Get-MCASAdminAccess list existing user accounts with MCAS admin rights and the permission type they have within MCAS.
 
.EXAMPLE
    PS C:\> Get-MCASAdminAccess
 
.EXAMPLE
    PS C:\> Get-MCASAdminAccess 'bob@contoso.com' READ_ONLY
    username permission_type
    -------- ---------------
    alice@contoso.com FULL_ACCESS
    bob@contoso.com READ_ONLY
 
.FUNCTIONALITY
   Get-MCASAdminAccess is intended to list the administrators assigned in an MCAS tenant.
#>

function Get-MCASAdminAccess {
    [CmdletBinding()]
    Param
    (
        # Specifies the credential object containing tenant as username (e.g. 'contoso.us.portal.cloudappsecurity.com') and the 64-character hexadecimal Oauth token as the password.
        [Parameter(Mandatory=$false)]
        [ValidateNotNullOrEmpty()]
        [System.Management.Automation.PSCredential]$Credential = $CASCredential
    )
    try {
        $response = Invoke-MCASRestMethod -Credential $Credential -Path '/cas/api/v1/manage_admin_access/' -Method Get
    }
    catch {
        throw "Error calling MCAS API. The exception was: $_"
    }

    $response = $response.data 
    
    $response
}