Scripts/New-BPAPermission.ps1
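function New-BPAPermission {
    <#
        .SYNOPSIS
            Assigns security to a BPA object.

        .DESCRIPTION
            New-BPAPermission creates a permission entry on each input object for every
            principal that does not already have one. A principal that already has an
            entry on the object is skipped with a warning; the existing entry is not
            modified. Each permission is a [bool] parameter that defaults to $false, so
            only the permissions passed as $true are granted.

        .PARAMETER InputObject
            The object(s) to assign security to. Supported types: Folder, Workflow,
            Task, Condition, Process, Agent, AgentGroup, User, UserGroup.

        .PARAMETER Principal
            The user or group to assign security to. Accepts User/UserGroup objects or
            names. A name is looked up as a user group first and as a user second, so a
            name shared by a group and a user resolves to the group; pass the object
            returned by Get-BPAUser or Get-BPAUserGroup to be unambiguous. When omitted,
            no permissions are assigned.

        .PARAMETER FullControl
            Sets every individual permission to $true, including ChangeSecurity, and
            overrides any individual permission passed as $false. Prefer the individual
            permission parameters when the principal does not need all of them.

        .EXAMPLE
            # Denies user 'John' access to task 'Test' (every permission defaults to $false)
            Get-BPATask -Name "Test" | New-BPAPermission -Principal 'John'

        .EXAMPLE
            # Lets user 'John' read and manually run task 'Test', nothing else
            Get-BPATask -Name "Test" | New-BPAPermission -Principal 'John' -Read $true -ManualRun $true

        .NOTES
            Author(s):     : David Seibel
            Contributor(s) :
            Date Created   : 07/10/2017
            Date Modified  : 05/01/2018

        .LINK
            https://github.com/davidseibel/PoshBPA
    #>
    # SupportsShouldProcess adds -WhatIf/-Confirm so a permission change can be previewed.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $InputObject,

        [ValidateNotNullOrEmpty()]
        $Principal,

        [bool]$FullControl = $false,
        [bool]$Create = $false,
        [bool]$Read = $false,
        [bool]$Edit = $false,
        [bool]$Delete = $false,
        [bool]$Move = $false,
        [bool]$ToggleEnable = $false,
        [bool]$ManualRun = $false,
        [bool]$Stop = $false,
        [bool]$Import = $false,
        [bool]$Export = $false,
        [bool]$Staging = $false,
        [bool]$Assign = $false,
        [bool]$ChangeSecurity = $false,
        [bool]$CanEdit = $false,
        [bool]$ManualResume = $false,
        [bool]$ManualRunFromHere = $false,
        [bool]$ToggleLock = $false,
        [bool]$Upgrade = $false
    )

    BEGIN {
        # Resolve every principal to a User/UserGroup object once, before any input
        # object is processed, so an unknown name fails before anything is changed.
        $resolvedPrincipals = @()
        foreach ($candidate in $Principal) {
            if ($candidate.PSObject.Properties | Where-Object {$_.Name -eq "TypeName"}) {
                if ($candidate.TypeName -notin @("User","UserGroup")) {
                    throw "Unsupported input type '$($candidate.TypeName)' encountered!"
                }
                $resolvedPrincipals += $candidate
            } elseif ($candidate -is [string]) {
                # Group lookup wins over user lookup when both match the same name.
                # NOTE(review): if a lookup returns several matches, all of them are
                # added as principals - confirm that is intended.
                $match = Get-BPAUserGroup -Name $candidate
                if (-not $match) {
                    $match = Get-BPAUser -Name $candidate
                }
                if (-not $match) {
                    throw "Principal '$candidate' not found!"
                }
                $resolvedPrincipals += $match
            } else {
                # Previously dropped without notice, which let a call look successful
                # although nothing was assigned for this principal.
                throw "Unsupported principal type '$($candidate.GetType().FullName)' encountered!"
            }
        }
        $Principal = $resolvedPrincipals

        if ($FullControl) {
            # Full control is every individual permission, security changes included.
            $Create            = $true
            $Read              = $true
            $Edit              = $true
            $Delete            = $true
            $Move              = $true
            $ToggleEnable      = $true
            $ManualRun         = $true
            $Stop              = $true
            $Import            = $true
            $Export            = $true
            $Staging           = $true
            $Assign            = $true
            $ChangeSecurity    = $true
            $CanEdit           = $true
            $ManualResume      = $true
            $ManualRunFromHere = $true
            $ToggleLock        = $true
            $Upgrade           = $true
        }
    }

    PROCESS {
        $supportedTypes = @("Folder","Workflow","Task","Condition","Process","Agent","AgentGroup","User","UserGroup")
        foreach ($obj in $InputObject) {
            if ($obj.TypeName -notin $supportedTypes) {
                Write-Error -Message "Unsupported input type '$($obj.TypeName)' encountered!" -TargetObject $obj
                continue
            }

            $currentPermissions = $obj | Get-BPAPermission
            foreach ($p in $Principal) {
                # An existing entry for this principal is left untouched.
                if ($null -ne ($currentPermissions | Where-Object {$_.GroupID -eq $p.ID})) {
                    Write-Warning "$($p.TypeName) '$($p.Name)' already has permissions for $($obj.TypeName) '$($obj.Name)'!"
                    continue
                }

                # Get the template object from the PoshBPA\ObjectTemplates folder, and configure the object.
                # The template is requested for the server that owns $obj; the original passed
                # $BPAServer, which is not defined in this function.
                $newObject = Get-BPAObjectTemplate -Type "Permission" -BPAServer $obj.BPAServer

                # NOTE(review): $guid, $Name and $Folder are not defined anywhere in this
                # function, so these four assignments store $null (and Join-Path reports an
                # error) unless a caller's scope happens to define them. They look copied
                # from an object-creation function; confirm which identity fields the
                # permissions endpoint expects and set them explicitly.
                $newObject.ID       = $guid
                $newObject.Name     = $Name
                $newObject.ParentID = $Folder.ID
                $newObject.Path     = Join-Path -Path $Folder.Path -ChildPath $Folder.Name

                # Bind the entry to the principal. The original never wrote $p.ID into the
                # object, so the request did not say who the permissions were for. GroupID
                # is the field the duplicate check above compares with $p.ID.
                # NOTE(review): confirm the Permission template exposes GroupID.
                $newObject.GroupID = $p.ID

                $newObject.AssignPermission      = $Assign
                $newObject.CreatePermission      = $Create
                $newObject.DeletePermission      = $Delete
                $newObject.EditPermission        = $Edit
                $newObject.EnablePermission      = $ToggleEnable
                $newObject.ExportPermission      = $Export
                $newObject.ImportPermission      = $Import
                $newObject.LockPermission        = $ToggleLock
                $newObject.MovePermission        = $Move
                $newObject.ReadPermission        = $Read
                $newObject.ResumePermission      = $ManualResume
                $newObject.RunFromHerePermission = $ManualRunFromHere
                $newObject.RunPermission         = $ManualRun
                $newObject.SecurityPermission    = $ChangeSecurity
                $newObject.StagingPermission     = $Staging
                $newObject.StopPermission        = $Stop
                $newObject.UpgradePermission     = $Upgrade
                # NOTE(review): $CanEdit is accepted as a parameter but is not mapped to
                # any property here - confirm whether that is intended.

                # Serialize the configured object; the original serialized $newObjectProps,
                # an undefined variable, so the request body carried none of the flags.
                $json = ConvertTo-BPAJson -InputObject $newObject

                # Build a fresh hashtable per request. The original used "+=", which fails
                # on the second request because the keys already exist.
                $splat = @{
                    Resource   = "$(([BPATypeDictionary]::($obj.TypeName)).RestResource)/$($obj.ID)/permissions/create"
                    RestMethod = "Post"
                    Body       = $json
                    BPAServer  = $obj.BPAServer
                }

                $target = "$($obj.TypeName) '$($obj.Name)'"
                $action = "Assign permissions to $($p.TypeName) '$($p.Name)'"
                if ($PSCmdlet.ShouldProcess($target, $action)) {
                    Invoke-BPARestMethod @splat | Out-Null
                    Write-Verbose "Assigned permissions to $($p.TypeName) '$($p.Name)' for $($obj.TypeName) '$($obj.Name)'!"
                }
            }
        }
    }
}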