New-DSEntityPermission

Create a permission object for an entity

New-DSEntityPermission [-Override] <SecurityRoleOverride> [-Right] <SecurityRoleRight>
 [-User <string[]>] [-Role <string[]>] [-Application <string[]>] [<CommonParameters>]

New-DSEntityPermission [-Override] <SecurityRoleOverride> [-Right] <SecurityRoleRight>
 [-PrincipalId] <guid[]> [<CommonParameters>]

Create a permission object for an entity. The User, Role, and Application parameters can be specified by either their ID or their name. For an application, the name refers to the Application ID as the displayed name is not necessarly unique. The existence of all entities will be confirmed, with a warning message for those who are not found. The ID parameter accepts only IDs, whether they correspond to a user, a user group, or an application. No verification of existence will be performed on entities specified by this parameter, so ensure that the correct IDs are used. Since no verification occurs, it is much quicker.

PS C:\> $permission = New-DSEntityPermission -Override Custom -Right Delete -User MyUserA, MyUserB
        $pamRoot = Get-DSPamFolder -VaultID $pamVaultID -Root
        Set-DSEntityPermission -EntityID $pamRoot.ID -Permissions $permission

For the PAM accounts in the PAM vault whose ID is $pamVaultID, the default right to delete will be assigned to MyUserA and MyUserB.

PS C:\> $userIDs = Get-DSUser | Where Name -like *something* | Select -ExpandProperty ID
        $permission = New-DSEntityPermission -Override CustomInherited -Right Edit -PrincipalId $userIDs
        Set-DSEntityPermission -EntityID $entryID -Permissions $permission

Add users whose name contains 'something' to the inherited users who canedit the entry whose ID is stored in $entryID

Application identities allowed to access the right. Can be specified by their application ID or their ID.

Type: System.String[]
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: WithExistenceCheck
  Position: Named
  IsRequired: false
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

Defines how the permissions are determined. Fives modes are available: Custom: Specify a custom value for the permission. Only the specified users, user groups, and applications will have the permission. CustomInherited: Combinaision of Inherited and Custom. Add additional users, user groups, and applications to the inherited ones. Everyone: Same as Allowed in the UI. Everyone is granted the permission. Inherited: Inherit the permission from the parent Never: Same as Disallowed in the UI. No one but the administrators is granted the permission

Type: Devolutions.RemoteDesktopManager.SecurityRoleOverride
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
  Position: 0
  IsRequired: true
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

IDs of users, roles, and applications without verifying their existence. It is much quicker to proceed with this parameter than the User, Role, or Application parameters.

Type: System.Guid[]
DefaultValue: ''
SupportsWildcards: false
Aliases:
- ID
ParameterSets:
- Name: WithoutExistenceCheck
  Position: 2
  IsRequired: true
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

Defines which right is modified

Type: Devolutions.RemoteDesktopManager.SecurityRoleRight
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
  Position: 1
  IsRequired: true
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

Roles (User groups) allowed to access the right. Can be specified by their name or their ID.

Type: System.String[]
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: WithExistenceCheck
  Position: Named
  IsRequired: false
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

Users allowed to access the right. Can be specified by their name or their ID.

Type: System.String[]
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: WithExistenceCheck
  Position: Named
  IsRequired: false
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

For more information, type "Get-Help New-DSEntityPermission -detailed". For technical information, type "Get-Help New-DSEntityPermission -full".