VIPerms

0.0.3

Public/New-VIGlobalPermission.ps1

                                function New-VIGlobalPermission {

    <#

    .SYNOPSIS

    Add a global permission for a user/group.

    .DESCRIPTION

    Creates a global permission assigning either a user or group to a specific role.

    .PARAMETER Name

    Specify the name of user or group including the domain.

    .PARAMETER IsGroup

    Specify whether the target is a group object or not.

    .PARAMETER RoleId

    Specify the identifier for the specific role to assign to the global permission.

    .PARAMETER Propagate

    Specify whether the permission should propagate to all children objects or not.

    .PARAMETER SkipCertificateCheck

    Skip certificate verification.

    .EXAMPLE

    New-VIGlobalPermission -Name "VSPHERE.LOCAL\joe-bloggs" -RoleId -1

    .EXAMPLE

    New-VIGlobalPermission -Name "VSPHERE.LOCAL\group-of-users" -IsGroup -RoleId -1

    .EXAMPLE

    New-VIGlobalPermission -Name "VSPHERE.LOCAL\joe-bloggs" -RoleId -1 -Propagate:$false

    #>

    param (

        [Parameter(

            Position = 0,

            Mandatory = $true

        )]

        [String] $Name,

        [Parameter(

            Position = 1,

            Mandatory = $false

        )]

        [Switch] $IsGroup,

        [Parameter(

            Position = 2,

            Mandatory = $false

        )]

        [String] $RoleId,

        [Parameter(

            Position = 3,

            Mandatory = $false

        )]

        [Switch] $Propagate = [Switch]::Present,

        [Parameter(

            Position = 4,

            Mandatory = $false

        )]

        [Switch] $SkipCertificateCheck

    )

    try {

        $ProPref = $ProgressPreference

        $ProgressPreference = "SilentlyContinue"

        if ($SkipCertificateCheck) {

            Set-CertPolicy -SkipCertificateCheck

        }

        Invoke-Login

        $Uri = ("https://$($Global:VIPerms.Server)/invsvc/mob3/?moid=authorizationService&" +

                "method=AuthorizationService.AddGlobalAccessControlList")

        $Group = switch ($IsGroup) {

            $true {"true"}

            $false {"false"}

        }

        $Prop = switch ($Propagate) {

            $true {"true"}

            $false {"false"}

        }

        $Body = ("vmware-session-nonce=$($Global:VIPerms.SessionNonce)&" +

                 "permissions=%3Cpermissions%3E%0D%0A+++%3Cprincipal%3E%0D%0A++++++" +

                 "%3Cname%3E$([Uri]::EscapeUriString($Name))%3C%2Fname%3E" +

                 "%0D%0A++++++%3Cgroup%3E$Group%3C%2Fgroup%3E%0D%0A+++%3C%2Fprincipal%3E%0D%0A+++" +

                 "%3Croles%3E$RoleId%3C%2Froles%3E%0D%0A+++" +

                 "%3Cpropagate%3E$Prop%3C%2Fpropagate%3E%0D%0A%3C%2Fpermissions%3E")

        $Params = @{

            Uri = $Uri

            WebSession = $Global:VIPerms.WebSession

            Method = "POST"

            Body = $Body

        }

        $Res = Invoke-WebRequest @Params

        Invoke-Logoff

        if ($SkipCertificateCheck) {

            Set-CertPolicy -ResetToDefault

        }

        $ProgressPreference = $ProPref

    } catch {

        $Err = $_

        throw $Err

    }

}