This script drills down into the information held by a RoleGroup. With it, you can see who is a member of the RoleGroup, what commands the RoleGroup can run, and where (in which scopes) its members can run them.
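function get-RBACHelperRoleGroup {
<#
.SYNOPSIS
Displays relevant information about who can do what from a particular RoleGroup.

.DESCRIPTION
Given a RoleGroup name, this function shows who is in the group, which Roles
are assigned to it, the read and write scopes of each role assignment, and
the commands (RoleEntries) that are in each role.

Output is written with Write-Host for interactive review. Members are listed
exactly as the role group object reports them; groups that appear in the
member list are not expanded here, so review their membership separately.

.EXAMPLE
get-RBACHelperRoleGroup "Help Desk"

.PARAMETER RoleGroupName
The name of the RoleGroup to inspect.
#>

    ######################################################
    # Function created by Gene Laisne www.genelaisne.com
    #
    # Please use and distribute as you see fit.
    # If you make changes please send them back to me
    # so I can make updates (gene@genelaisne.com)
    #
    # Of course, I'm not responsible if this script
    # breaks something.
    #######################################################

    # SupportsShouldProcess is kept so existing callers that pass -WhatIf or
    # -Confirm keep working; the function itself only reads and displays data.
    [CmdletBinding(SupportsShouldProcess=$true)]
    param(
        [Parameter(Mandatory=$true)]
        [string]
        $RoleGroupName
    )

    begin{ }

    Process{
        $RoleGroup = Get-RoleGroup $RoleGroupName

        # Stop early instead of printing an empty, misleading report.
        if (-not $RoleGroup) {
            Write-Warning "RoleGroup '$RoleGroupName' was not found."
            return
        }

        # --- Who: members of the role group -------------------------------
        Write-Host -ForegroundColor Cyan "RoleGroup: $RoleGroupName"
        Write-Host -ForegroundColor Cyan "==================================="
        Write-Host -ForegroundColor Cyan "members: $($RoleGroup.Members.Count)"
        Write-Host -ForegroundColor Cyan "-----------------------------------"
        foreach ($member in $RoleGroup.Members) {
            Write-Host $member
        }
        Write-Host "`r`n"

        # Fetch the assignments once (the call does not depend on the role) and
        # keep only those whose assignee is this role group.
        $GroupAssignments = @(Get-ManagementRoleAssignment |
            Where-Object { $_.RoleAssignee -eq $RoleGroup.Identity })

        foreach ($Role in $RoleGroup.Roles) {
            Write-Host -ForegroundColor Cyan " Role: $Role"
            Write-Host -ForegroundColor Cyan " ==================================="

            # --- Where: scopes of every assignment of this role -----------
            # A role can be assigned to the same group more than once (for
            # example a regular and a delegating assignment), so each match is
            # reported on its own rather than reading properties off an array.
            $RoleAssignments = @($GroupAssignments | Where-Object { $_.Role -eq $Role })

            Write-Host -ForegroundColor Cyan " RoleAssignemnt"
            Write-Host -ForegroundColor Cyan " -----------------------------------"
            if ($RoleAssignments.Count -eq 0) {
                Write-Warning "No role assignment found for role '$Role' and RoleGroup '$RoleGroupName'."
            }
            foreach ($Assignment in $RoleAssignments) {
                Write-Host -ForegroundColor Yellow " $Assignment"

                $RecipientReadScope  = $Assignment.RecipientReadScope
                $ConfigReadScope     = $Assignment.ConfigReadScope
                $RecipientWriteScope = $Assignment.RecipientWriteScope
                # Previously RecipientWriteScope was read and printed twice and
                # the configuration write scope was never shown.
                $ConfigWriteScope    = $Assignment.ConfigWriteScope

                # A delegating assignment allows assigning the role to others;
                # a regular one allows running the role's commands.
                Write-Host " DelegationType : $($Assignment.RoleAssignmentDelegationType)"
                Write-Host " RecipientReadScope : $RecipientReadScope"
                Write-Host " ConfigReadScope : $ConfigReadScope"
                Write-Host " RecipientWriteScope: $RecipientWriteScope"
                Write-Host " ConfigWriteScope : $ConfigWriteScope"
                Write-Host "`r`n"
            }

            # --- What: commands (RoleEntries) granted by the role ---------
            $myRole = Get-ManagementRole $Role
            Write-Host -ForegroundColor Cyan " RoleEntries:"
            Write-Host -ForegroundColor Cyan " ==================================="
            foreach ($RoleEntry in $myRole.RoleEntries) {
                Write-Host " $RoleEntry"
            }
            Write-Host "`r`n"
        }
    }

    end { }

    # function history:
    # 1/26/2012 Script created by Gene Laisne (www.genelaisne.com)
}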