> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/powershell/powershell-commands/new-dsentitypermission.md).

# New-DSEntityPermission

### Synopsis

Create a permission object for an entity

### Syntax

#### WithExistenceCheck (Default)

```
New-DSEntityPermission [-Override] <SecurityRoleOverride> [-Right] <SecurityRoleRight>
 [-User <string[]>] [-Role <string[]>] [-Application <string[]>] [<CommonParameters>]
```

#### WithoutExistenceCheck

```
New-DSEntityPermission [-Override] <SecurityRoleOverride> [-Right] <SecurityRoleRight>
 [-PrincipalId] <guid[]> [<CommonParameters>]
```

### Description

Create a permission object for an entity. The User, Role, and Application parameters can be specified by either their ID or their name. For an application, the name refers to the Application ID as the displayed name is not necessarly unique. The existence of all entities will be confirmed, with a warning message for those who are not found. The ID parameter accepts only IDs, whether they correspond to a user, a user group, or an application. No verification of existence will be performed on entities specified by this parameter, so ensure that the correct IDs are used. Since no verification occurs, it is much quicker.

### Examples

#### Example 1

```powershell
PS C:\> $permission = New-DSEntityPermission -Override Custom -Right Delete -User MyUserA, MyUserB
        $pamRoot = Get-DSPamFolder -VaultID $pamVaultID -Root
        Set-DSEntityPermission -EntityID $pamRoot.ID -Permissions $permission
```

For the PAM accounts in the PAM vault whose ID is $pamVaultID, the default right to delete will be assigned to MyUserA and MyUserB.

#### Example 2

```powershell
PS C:\> $userIDs = Get-DSUser | Where Name -like *something* | Select -ExpandProperty ID
        $permission = New-DSEntityPermission -Override CustomInherited -Right Edit -PrincipalId $userIDs
        Set-DSEntityPermission -EntityID $entryID -Permissions $permission
```

Add users whose name contains 'something' to the inherited users who canedit the entry whose ID is stored in $entryID

### Parameters

#### -Application

Application identities allowed to access the right. Can be specified by their application ID or their ID.

```yaml
Type: System.String[]
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: WithExistenceCheck
  Position: Named
  IsRequired: false
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
```

#### -Override

Defines how the permissions are determined. Fives modes are available: Custom: Specify a custom value for the permission. Only the specified users, user groups, and applications will have the permission. CustomInherited: Combinaision of Inherited and Custom. Add additional users, user groups, and applications to the inherited ones. Everyone: Same as Allowed in the UI. Everyone is granted the permission. Inherited: Inherit the permission from the parent Never: Same as Disallowed in the UI. No one but the administrators is granted the permission

```yaml
Type: Devolutions.RemoteDesktopManager.SecurityRoleOverride
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
  Position: 0
  IsRequired: true
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
```

#### -PrincipalId

IDs of users, roles, and applications without verifying their existence. It is much quicker to proceed with this parameter than the User, Role, or Application parameters.

```yaml
Type: System.Guid[]
DefaultValue: ''
SupportsWildcards: false
Aliases:
- ID
ParameterSets:
- Name: WithoutExistenceCheck
  Position: 2
  IsRequired: true
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
```

#### -Right

Defines which right is modified

```yaml
Type: Devolutions.RemoteDesktopManager.SecurityRoleRight
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
  Position: 1
  IsRequired: true
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
```

#### -Role

Roles (User groups) allowed to access the right. Can be specified by their name or their ID.

```yaml
Type: System.String[]
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: WithExistenceCheck
  Position: Named
  IsRequired: false
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
```

#### -User

Users allowed to access the right. Can be specified by their name or their ID.

```yaml
Type: System.String[]
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: WithExistenceCheck
  Position: Named
  IsRequired: false
  ValueFromPipeline: false
  ValueFromPipelineByPropertyName: false
  ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
```

#### CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about\_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).

### Notes

For more information, type "Get-Help New-DSEntityPermission -detailed". For technical information, type "Get-Help New-DSEntityPermission -full".


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.devolutions.net/powershell/powershell-commands/new-dsentitypermission.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.