zmeier/Backup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0cb505afbe962d0d5ea36b01c1af07f9ab8b9339
Backup/_NDGOV_WindowsTeam/ITD.Infra-Servers-PowerShellUniversal/.universal/roles.ps1
T
Zack Meier 1d304511b8 update
2026-04-15 15:45:50 -05:00

75 lines
2.4 KiB
PowerShell
Raw Blame History

New-PSURole -Name "Administrator" -Description "Administrators can manage settings, create and edit any entity and view all the entities with PowerShell Universal." -Policy {
param(
[Security.ClaimsPrincipal]$User
)
<#
Policies should return $true or $false to determine whether the user has the particular
claim that require them for that role.
#>
$Roles = $User.Claims | Where-Object Type -EQ Group | Select-Object -ExpandProperty Value
$Roles -contains 'ITD-PSUniversal-Admin'
}
New-PSURole -Name "Execute" -Description "Execute scripts within PowerShell Universal." -Policy {
param(
[Security.ClaimsPrincipal]$User
)
<#
Policies should return $true or $false to determine whether the user has the particular
claim that require them for that role.
#>
$false
}
New-PSURole -Name "Operator" -Description "Operators have access to manage and execute scripts, create other entities within PowerShell Universal but cannot manage PowerShell Universal itself." -Policy {
param(
[Security.ClaimsPrincipal]$User
)
<#
Policies should return $true or $false to determine whether the user has the particular
claim that require them for that role.
#>
$false
}
New-PSURole -Name "Reader" -Description "Readers have read-only access to PowerShell Universal. They cannot make changes to any entity within the system." -Policy {
param(
[Security.ClaimsPrincipal]$User
)
<#
Policies should return $true or $false to determine whether the user has the particular
claim that require them for that role.
#>
$true #default $false
}
New-PSURole -Name "Team-Windows" -Policy {
param(
[Security.ClaimsPrincipal]$User
)
<#
Policies should return $true or $false to determine whether the user has the particular
claim that require them for that role.
#>
#$false
$Roles = $User.Claims | Where-Object Type -EQ Group | Select-Object -ExpandProperty Value
$Roles -contains "ITD-PSUniversal-Team-Windows"
}
New-PSURole -Name "User" -Description "Does not have access to the admin console but can be assigned resources like APIs, scripts, dashboards and pages." -Policy {
param(
[Security.ClaimsPrincipal]$User
)
<#
Policies should return $true or $false to determine whether the user has the particular
claim that require them for that role.
#>
$false
}
Reference in New Issue View Git Blame Copy Permalink