Functions/AccountACL/Remove-PASAccountACL.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
function Remove-PASAccountACL {
    <#
.SYNOPSIS
Deletes privileged commands rule from an account
 
.DESCRIPTION
Deletes privileged commands rule associated with account
 
.PARAMETER AccountPolicyID
ID of account from which the commands will be deleted
 
.PARAMETER AccountAddress
The address of the account for which the privileged command will be deleted.
 
.PARAMETER AccountUserName
The name of the account's user.
 
.PARAMETER Id
The ID of the command that will be deleted
 
.EXAMPLE
Remove-PASAccountACL -AccountPolicyId UNIXSSH -AccountAddress machine -AccountUserName root -Id 12
 
Removes matching Privileged Account Rule from the account root
 
.EXAMPLE
Get-PASAccount root | Get-PASAccountACL | Where-Object{$_.Command -eq "ifconfig"} | Remove-PASAccountACL
 
Removes matching Privileged Account Rule from account.
 
.INPUTS
All parameters can be piped by property name
Should accept pipeline objects from Get-PASAccountACL function
 
.LINK
https://pspas.pspete.dev/commands/Remove-PASAccountACL
#>

    [CmdletBinding(SupportsShouldProcess)]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [Alias("PolicyID")]
        [ValidateNotNullOrEmpty()]
        [string]$AccountPolicyId,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [string]$AccountAddress,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [string]$AccountUserName,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$Id
    )

    BEGIN { }#begin

    PROCESS {

        #URL for request
        $URI = "$Script:BaseURI/WebServices/PIMServices.svc/Account/$($AccountAddress |
 
            Get-EscapedString)|$($AccountUserName |
 
                Get-EscapedString)|$($AccountPolicyId |
 
                    Get-EscapedString)/PrivilegedCommands/$Id"


        #Request Body
        $Body = @{ }

        if ($PSCmdlet.ShouldProcess("$AccountAddress|$AccountUserName|$AccountPolicyId",
                "Delete Privileged Command '$Id'")) {

            #Send Request to Web Service
            Invoke-PASRestMethod -Uri $URI -Method DELETE -Body $Body -WebSession $Script:WebSession

        }

    }#process

    END { }#end

}