RBAC Helper #4 Who What Where for Role Groups

This is a drill-down of the information in a RoleGroup. With this script, you can see who is a member of the RoleGroup, what commands the RoleGroup can run, and where its members can run them.

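function get-RBACHelperRoleGroup
{

<#
.SYNOPSIS
    Displays relevant information about who can do what from a particular
    RoleGroup.
.DESCRIPTION
    Given a RoleGroup name, this function shows who is in the group, which
    Roles are assigned, what the read and write scopes of each role
    assignment are, and which commands (RoleEntries) are in each role.
    It only calls Get-* cmdlets and writes to the host; nothing is modified.
.EXAMPLE
    get-RBACHelperRoleGroup "Help Desk"
.PARAMETER RoleGroupName
    The name of the RoleGroup to inspect.
#>

    ######################################################
    # Function created by Gene Laisne www.genelaisne.com
    #
    # Please use and distribute as you see fit.
    # If you make changes please send them back to me
    # so I can make updates (gene@genelaisne.com)
    #
    # Of course, I'm not responsible if this script
    # breaks something.
    #######################################################

    # SupportsShouldProcess is kept so existing callers that pass
    # -WhatIf/-Confirm keep working, even though the function is read-only.
    [CmdletBinding(SupportsShouldProcess=$true)]
    param(
        [Parameter(Mandatory=$true)]
        [string] $RoleGroupName
    )

    begin { }

    process
    {
        $RoleGroup = Get-RoleGroup $RoleGroupName

        # Without this guard a mistyped name yields an empty-looking report
        # ("members: 0", no roles) that can be misread as "grants nothing".
        if (-not $RoleGroup)
        {
            Write-Warning "RoleGroup '$RoleGroupName' was not found; nothing to report."
            return
        }

        Write-Host -ForegroundColor Cyan "RoleGroup: $RoleGroupName"
        Write-Host -ForegroundColor Cyan "==================================="

        Write-Host -ForegroundColor Cyan "members: $($RoleGroup.Members.Count)"
        Write-Host -ForegroundColor Cyan "-----------------------------------"

        foreach ($member in $RoleGroup.Members)
        {
            Write-Host $member
        }

        Write-Host "`r`n"

        # Fetch every role assignment once and filter locally, instead of
        # re-querying the full list for each role inside the loop.
        $AllAssignments = @(Get-ManagementRoleAssignment)

        foreach ($Role in $RoleGroup.Roles)
        {
            Write-Host -ForegroundColor Cyan "  Role: $Role"
            Write-Host -ForegroundColor Cyan "  ==================================="

            # A role can be assigned to the same group more than once (for
            # example with different scopes), so treat the result as a list
            # and report each assignment separately.
            $RoleAssignments = @($AllAssignments | Where-Object {
                $_.Role -eq $Role -and $_.RoleAssignee -eq $RoleGroup.Identity
            })

            Write-Host -ForegroundColor Cyan "  RoleAssignemnt"
            Write-Host -ForegroundColor Cyan "  -----------------------------------"

            if ($RoleAssignments.Count -eq 0)
            {
                Write-Host -ForegroundColor Yellow "  (no matching role assignment found)"
            }

            foreach ($RoleAssignment in $RoleAssignments)
            {
                Write-Host -ForegroundColor Yellow "  $RoleAssignment"

                # All four scope dimensions are shown. The original printed
                # RecipientWriteScope twice and never showed ConfigWriteScope,
                # hiding where configuration changes are permitted.
                # NOTE: when a write scope reads as a custom scope, the scope
                # name itself lives in the assignment's Custom*WriteScope
                # properties, which this report does not print.
                Write-Host "  RecipientReadScope : $($RoleAssignment.RecipientReadScope)"
                Write-Host "  ConfigReadScope    : $($RoleAssignment.ConfigReadScope)"
                Write-Host "  RecipientWriteScope: $($RoleAssignment.RecipientWriteScope)"
                Write-Host "  ConfigWriteScope   : $($RoleAssignment.ConfigWriteScope)"
            }

            Write-Host "`r`n"

            $myRole = Get-ManagementRole $Role

            Write-Host -ForegroundColor Cyan "    RoleEntries:"
            Write-Host -ForegroundColor Cyan "    ==================================="

            foreach ($RoleEntry in $myRole.RoleEntries)
            {
                Write-Host "    $RoleEntry"
            }

            Write-Host "`r`n"
        }
    }

    end { }

    # function history:
    # 1/26/2012    Script created by Gene Laisne (www.genelaisne.com)
}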
