Functions/FoldersFiles/Add-PVRule.ps1
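Function Add-PVRule {

    <#
    .SYNOPSIS
        Adds an Object Level Access rule

    .DESCRIPTION
        Exposes the PACLI Function: "ADDRULE"

        Every parameter bound on the call is serialised into the ADDRULE
        command string. When PACLI exits with code 0 and returns output, one
        object is emitted per rule (seven fields each: RuleID, UserName,
        Safename, FullObjectName, Effect, RuleCreationDate, AccessLevel).
        When PACLI exits with a non-zero code this function emits nothing.

    .PARAMETER vault
        The defined Vault name

    .PARAMETER user
        The Username of the authenticated User.

    .PARAMETER userName
        The user who will be affected by the rule.

    .PARAMETER safeName
        The Safe where the rule is applied.

    .PARAMETER fullObjectName
        The file, password, or folder that the rule applies to.

    .PARAMETER isFolder
        Whether the rule applies to files and passwords or for folders.
            NO - Indicates files and passwords
            YES - Indicates folders

    .PARAMETER effect
        Whether or not the rule allows or denies the user authorizations that
        are specified in the following parameters.
        Possible values are:
            Allow - The rule enables the authorizations marked 'YES'.
            Deny - The rule denies all the following permissions.

    .PARAMETER retrieve
        Whether or not the user is authorized to retrieve files.

    .PARAMETER store
        Whether or not the user is authorized to store files.

    .PARAMETER delete
        Whether or not the user is authorized to delete files.

    .PARAMETER administer
        Whether or not the user is authorized to administer the Safe.

    .PARAMETER supervise
        Whether or not the user is authorized to supervise other Safe Owners
        and confirm requests by other users to enter specific Safes.

    .PARAMETER backup
        Whether or not the user is authorized to backup the Safe.

    .PARAMETER manageOwners
        Whether or not the user is authorized to manage other Safe owners.

    .PARAMETER accessNoConfirmation
        Whether or not the user is authorized to access the Safe without
        receiving confirmation from authorized users.

    .PARAMETER validateSafeContent
        Whether or not the user is authorized to validate the Safe contents.

    .PARAMETER list
        Whether or not the user is authorized to list the specified file,
        password, or folder.

    .PARAMETER usePassword
        If the object is a password, whether or not the user can use the
        password via the PVWA.

    .PARAMETER updateObjectProperties
        Whether or not the user is authorized to update the specified file or
        password categories.

    .PARAMETER initiateCPMChange
        Whether or not the user is authorized to initiate a CPM change for the
        specified password.

    .PARAMETER initiateCPMChangeWithManualPassword
        Whether or not the user is authorized to initiate a CPM change with a
        manual password for the specified password.

    .PARAMETER createFolder
        Whether or not the user is authorized to create a new folder.

    .PARAMETER deleteFolder
        Whether or not the user is authorized to delete a folder.

    .PARAMETER moveFrom
        Whether or not the user is authorized to move the specified file or
        password from its current location.

    .PARAMETER moveInto
        Whether or not the user is authorized to move the specified file or
        password into a different location.

    .PARAMETER viewAudit
        Whether or not the user is authorized to view the specified file or
        password audits.

    .PARAMETER viewPermissions
        Whether or not the user is authorized to view the specified file or
        password permissions.

    .PARAMETER eventsList
        Whether or not the user is authorized to view events.
        Note: To allow Safe Owners to access the Safe, make sure this is set
        to YES.

    .PARAMETER addEvents
        Whether or not the user is authorized to add events.

    .PARAMETER createObject
        Whether or not the user is authorized to create a new file or password.

    .PARAMETER unlockObject
        Whether or not the user is authorized to unlock the specified file or
        password.

    .PARAMETER renameObject
        Whether or not the user is authorized to rename the specified file or
        password.

    .PARAMETER sessionID
        The ID number of the session. Use this parameter when working with
        multiple scripts simultaneously. The default is '0'.

    .EXAMPLE
        Add-PVRule -vault lab -user administrator -userName user1 -safeName DEV-1 `
        -fullObjectName root\rootpass -effect Allow -retrieve -store -delete

        Adds a rule on object rootpass in safe DEV-1 for user user1

    .NOTES
        AUTHOR: Pete Maan

        This function changes who may do what to a vault object. Switches such
        as administer, manageOwners and accessNoConfirmation widen a user's
        reach over the Safe, so pass only the authorizations the rule needs.
    #>

    [CmdLetBinding()]
    param(

        [Parameter(
            Mandatory = $True,
            ValueFromPipelineByPropertyName = $True)]
        [string]$vault,

        [Parameter(
            Mandatory = $True,
            ValueFromPipelineByPropertyName = $True)]
        [string]$user,

        [Parameter(
            Mandatory = $True,
            ValueFromPipelineByPropertyName = $True)]
        [string]$userName,

        [Parameter(
            Mandatory = $True,
            ValueFromPipelineByPropertyName = $True)]
        [string]$safeName,

        [Parameter(
            Mandatory = $True,
            ValueFromPipelineByPropertyName = $True)]
        [string]$fullObjectName,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$isFolder,

        [Parameter(
            Mandatory = $True,
            ValueFromPipelineByPropertyName = $True)]
        [ValidateSet("Allow", "Deny")]
        [string]$effect,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$retrieve,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$store,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$delete,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$administer,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$supervise,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$backup,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$manageOwners,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$accessNoConfirmation,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$validateSafeContent,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$list,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$usePassword,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$updateObjectProperties,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$initiateCPMChange,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$initiateCPMChangeWithManualPassword,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$createFolder,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$deleteFolder,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$moveFrom,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$moveInto,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$viewAudit,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$viewPermissions,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$eventsList,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$addEvents,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$createObject,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$unlockObject,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [switch]$renameObject,

        [Parameter(
            Mandatory = $False,
            ValueFromPipelineByPropertyName = $True)]
        [int]$sessionID
    )

    PROCESS {

        # All bound parameters are turned into one PACLI argument string; the
        # effect value is passed unquoted (-donotQuote effect), which is safe
        # only because ValidateSet restricts it to Allow/Deny.
        # NOTE(review): the string parameters accept pipeline input and end up
        # inside a command line. ConvertTo-ParameterString is defined outside
        # this file - confirm it quotes values and handles embedded quote
        # characters before feeding this function data you do not control.
        $Return = Invoke-PACLICommand $Script:PV.ClientPath ADDRULE "$($PSBoundParameters.getEnumerator() | ConvertTo-ParameterString -donotQuote effect) OUTPUT (ALL,ENCLOSE)"

        # NOTE(review): a non-zero exit code yields no output from this
        # function; presumably Invoke-PACLICommand reports the failure - verify,
        # since a rule that silently failed to apply leaves access unchanged.
        if ($Return.ExitCode -eq 0) {

            #if result(s) returned
            if ($Return.StdOut) {

                #Convert Output to array, skipping lines with no non-whitespace
                $Results = (($Return.StdOut | Select-String -Pattern "\S") | ConvertFrom-PacliOutput)

                #loop through results, one rule per seven consecutive values
                For ($i = 0 ; $i -lt $Results.length ; $i += 7) {

                    #Get Range from array: exactly the seven fields of this
                    #rule (indices $i .. $i + 6), not the first field of the next
                    $values = $Results[$i..($i + 6)]

                    #Output Object
                    [PSCustomObject] @{

                        "RuleID"           = $values[0]
                        "UserName"         = $values[1]
                        "Safename"         = $values[2]
                        "FullObjectName"   = $values[3]
                        "Effect"           = $values[4]
                        "RuleCreationDate" = $values[5]
                        "AccessLevel"      = $values[6]

                    } | Add-ObjectDetail -TypeName pacli.PoShPACLI.Rule -PropertyToAdd @{
                        "vault"     = $vault
                        "user"      = $user
                        "sessionID" = $sessionID
                    }

                }

            }

        }

    }

}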