New-DSEntityPermission

    2024-11-18

    New-DSEntityPermission

    SYNOPSIS

    Create a permission object for an entity

    SYNTAX

    WithExistenceCheck (Default)

    New-DSEntityPermission [-Override] <SecurityRoleOverride> [-Right] <SecurityRoleRight>
 [-User <string[]>] [-Role <string[]>] [-Application <string[]>] [<CommonParameters>]

    WithoutExistenceCheck

    New-DSEntityPermission [-Override] <SecurityRoleOverride> [-Right] <SecurityRoleRight>
 [-ID] <guid[]> [<CommonParameters>]

    ALIASES

    This cmdlet has the following aliases,

    DESCRIPTION

    Create a permission object for an entity. The User, Role, and Application parameters can be specified by either their ID or their name. For an application, the name refers to the Application ID as the displayed name is not necessarly unique. The existence of all entities will be confirmed, with a warning message for those who are not found. The ID parameter accepts only IDs, whether they correspond to a user, a user group, or an application. No verification of existence will be performed on entities specified by this parameter, so ensure that the correct IDs are used. Since no verification occurs, it is much quicker.

    EXAMPLES

    EXAMPLE 1

    PS C:> $permission = New-DSEntityPermission -Override Custom -Right Delete -User MyUserA, MyUserB $pamRoot = Get-DSPamFolder -VaultID $pamVaultID -Root Set-DSEntityPermission -EntityID $pamRoot.ID -Permissions $permission

    For the PAM accounts in the PAM vault whose ID is $pamVaultID, the default right to delete will be assigned to MyUserA and MyUserB.

    EXAMPLE 2

    PS C:> $userIDs = Get-DSUser | Where Name -like something | Select -ExpandProperty ID $permission = New-DSEntityPermission -Override CustomInherited -Right Edit -ID $userIDs Set-DSEntityPermission -EntityID $entryID -Permissions $permission

    Add users whose name contains 'something' to the inherited users who canedit the entry whose ID is stored in $entryID

    PARAMETERS

    -Application

    Application identities allowed to access the right. Can be specified by their application ID or their ID.

    Type: System.String[]
DefaultValue: ''
SupportsWildcards: false
ParameterValue: []
Aliases: []
ParameterSets:
- Name: WithExistenceCheck
  Position: Named
  IsRequired: false
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

    -ID

    IDs of users, roles, and applications without verifying their existence. It is much quicker to proceed with this parameter than the User, Role, or Application parameters.

    Type: System.Guid[]
DefaultValue: ''
SupportsWildcards: false
ParameterValue: []
Aliases: []
ParameterSets:
- Name: WithoutExistenceCheck
  Position: 3
  IsRequired: true
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

    -Override

    Defines how the permissions are determined. Fives modes are available: Custom: Specify a custom value for the permission. Only the specified users, user groups, and applications will have the permission. CustomInherited: Combinaision of Inherited and Custom. Add additional users, user groups, and applications to the inherited ones. Everyone: Same as Allowed in the UI. Everyone is granted the permission. Inherited: Inherit the permission from the parent Never: Same as Disallowed in the UI. No one but the administrators is granted the permission

    Type: Devolutions.RemoteDesktopManager.SecurityRoleOverride
DefaultValue: ''
SupportsWildcards: false
ParameterValue: []
Aliases: []
ParameterSets:
- Name: (All)
  Position: 1
  IsRequired: true
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

    Defines which right is modified

    Type: Devolutions.RemoteDesktopManager.SecurityRoleRight
DefaultValue: ''
SupportsWildcards: false
ParameterValue: []
Aliases: []
ParameterSets:
- Name: (All)
  Position: 2
  IsRequired: true
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

    -Role

    Roles (User groups) allowed to access the right. Can be specified by their name or their ID.

    Type: System.String[]
DefaultValue: ''
SupportsWildcards: false
ParameterValue: []
Aliases: []
ParameterSets:
- Name: WithExistenceCheck
  Position: Named
  IsRequired: false
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

    -User

    Users allowed to access the right. Can be specified by their name or their ID.

    Type: System.String[]
DefaultValue: ''
SupportsWildcards: false
ParameterValue: []
Aliases: []
ParameterSets:
- Name: WithExistenceCheck
  Position: Named
  IsRequired: false
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

    CommonParameters

    This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

    INPUTS

    OUTPUTS

    Devolutions.RemoteDesktopManager.Business.ConnectionPermission

    NOTES

    For more information, type "Get-Help New-DSEntityPermission -detailed". For technical information, type "Get-Help New-DSEntityPermission -full".