update

_NDGOV_WindowsTeam/ITD.Infra-Servers-PowerShellUniversal.Test/.universal/roles.ps1

@@ -0,0 +1,160 @@
+New-PSURole -Name "Administrator" -Description "Administrators can manage settings, create and edit any entity and view all the entities with PowerShell Universal." -Policy {
+  param(
+      [Security.ClaimsPrincipal]$User
+    )
+          
+    <# 
+    Policies should return $true or $false to determine whether the user has the particular 
+    claim that require them for that role.
+  #>
+  
+    #$false
+  
+  <#
+    $UserName = ($User.Identity.Name)
+    $UserName = $UserName.Substring($UserName.IndexOf('\') + 1, ($UserName.Length - ($UserName.IndexOf('\') + 1)))
+  
+    $IsMember = $false;
+  
+    # Perform LDAP Group Member Lookup
+    $Searcher = New-Object DirectoryServices.DirectorySearcher
+    $Searcher.SearchRoot = 'LDAP://OU=USERS, OU=ITD, DC=nd, DC=gov' # INSERT ROOT LDAP HERE
+    $Searcher.Filter = "(&(objectCategory=person)(memberOf=CN=ITD-PSUniversal-Admin,OU=ITDGROUPS,OU=GROUPS,OU=ITD,DC=nd,DC=gov))" #GROUP INSERT DN TO CHECK HERE
+    $Users = $Searcher.FindAll()
+    $Users | ForEach-Object {
+      If ($_.Properties.samaccountname -eq $UserName) {
+        $IsMember = $true;
+        "$UserName is a member of admin group!" | Out-File "C:\test\adgroup.txt"
+      }
+      else {
+        "$UserName is NOT member of admin group!" | Out-File "C:\test\adgroup.txt"
+      }
+    }
+  
+    return $IsMember
+    #>
+  
+    param($User)
+  
+  $Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
+  $Roles -contains 'ITD-PSUniversal-Admin'
+  } 
+  New-PSURole -Name "Operator" -Description "Operators have access to manage and execute scripts, create other entities within PowerShell Universal but cannot manage PowerShell Universal itself." -Policy {
+  param(
+      [Security.ClaimsPrincipal]$User
+    )
+          
+    <# 
+    Policies should return $true or $false to determine whether the user has the particular 
+    claim that require them for that role.
+  #>
+  
+    $false
+  } 
+  New-PSURole -Name "Reader" -Description "Readers have read-only access to PowerShell Universal. They cannot make changes to any entity within the system." -Policy {
+  param(
+      [Security.ClaimsPrincipal]
+      $User
+    )
+          
+    <# 
+    Policies should return $true or $false to determine whether the user has the particular 
+    claim that require them for that role.
+  #>
+    $User | ConvertTo-Json | Set-Content ("C:\temp\user-" + $User.Identity.Name + ".json")
+    $Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
+    $Roles -match "ITD-PSUniversal-*"
+  
+  } 
+  New-PSURole -Name "Execute" -Description "Execute scripts within PowerShell Universal." -Policy {
+  param(
+      [Security.ClaimsPrincipal]$User
+    )
+          
+    <# 
+    Policies should return $true or $false to determine whether the user has the particular 
+    claim that require them for that role.
+  #>
+  
+    $false
+  } 
+  New-PSURole -Name "User" -Description "Does not have access to the admin console but can be assigned resources like APIs, scripts, dashboards and pages." -Policy {
+  param(
+      [Security.ClaimsPrincipal]$User
+    )
+          
+    <# 
+    Policies should return $true or $false to determine whether the user has the particular 
+    claim that require them for that role.
+  #>
+  
+    $false
+  }
+  
+  
+  ###### Team-TeamName nd.gov Active Directory groups
+  New-PSURole -Name "Team-Windows" -Policy {
+    param($User)
+    $Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
+    $Roles -contains "ITD-PSUniversal-Team-Windows"
+  } 
+  
+  New-PSURole -Name "Team-Linux" -Policy {
+    param($User)
+    $Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
+    $Roles -contains "ITD-PSUniversal-Team-Linux"
+  }
+  
+  New-PSURole -Name "Team-ConnectND" -Policy {
+    param($User)
+    $Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
+    $Roles -contains "ITD-PSUniversal-Team-ConnectND"
+  }
+  
+  New-PSURole -Name "Team-Network" -Policy {
+    param($User)
+    $Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
+    $Roles -contains "ITD-PSUniversal-Team-Network"
+  }
+  
+  New-PSURole -Name "Team-Tier2" -Policy {
+    param($User)
+    $Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
+    $Roles -contains "ITD-PSUniversal-Team-Tier2"
+  }
+  
+  New-PSURole -Name "Team-Mgmt" -Policy {
+    param($User)
+    $Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
+    $Roles -contains "ITD-PSUniversal-Team-Mgmt"
+  }
+  
+  
+  ###### ITD App-AppName nd.gov Active Directory Groups
+  <# New Role for Apps example
+  New-PSURole -Name "App-Infra-XXXXX" -Policy {
+    param($User)
+    $Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
+    $Roles -contains "ITD-PSUniversal-App-Infra-XXXXX"
+  }
+  #>
+  
+  New-PSURole -Name "App-Infra-VMware" -Policy {
+    param($User)
+    $Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
+    $Roles -contains "ITD-PSUniversal-App-Infra-VMware"
+  }
+  
+  New-PSURole -Name "App-ITD-WindowsServer" -Policy {
+    param($User)
+    $Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
+    $Roles -contains "ITD-PSUniversal-App-ITD-WindowsServer"
+  }
+  
+  New-PSURole -Name "App-Shared-Powerschool" -Policy {
+    param($User)
+    $Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
+    $Roles -contains "ITD-PSUniversal-App-Shared-PowerSchool"
+  }
+  
+