This is a drill-down of the information held in a RoleGroup. With this script, you can see who is a member of the RoleGroup, what commands the RoleGroup can run, and where it can run them.
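function get-RBACHelperRoleGroup
{
<#
.SYNOPSIS
Displays relevant information about who can do what through a particular
RoleGroup.
.DESCRIPTION
Given a RoleGroup name, this function shows who is in the group, which
Roles are assigned to it, the read and write scopes of each role
assignment, and the commands (RoleEntries) contained in each role.

Output is written to the host only; nothing is returned on the pipeline.
Members are listed exactly as Get-RoleGroup returns them; a group that
appears as a member is not expanded into its own members.
.EXAMPLE
get-RBACHelperRoleGroup "Help Desk"
.PARAMETER RoleGroupName
The name of the RoleGroup to inspect.
#>
    ######################################################
    # Function created by Gene Laisne www.genelaisne.com
    #
    # Please use and distribute as you see fit.
    # If you make changes please send them back to me
    # so I can make updates (gene@genelaisne.com)
    #
    # Of course, I'm not responsible if this script
    # breaks something.
    #######################################################
    [CmdletBinding(SupportsShouldProcess=$true)]
    param(
        [Parameter(Mandatory=$true)]
        [string] $RoleGroupName
    )
    begin{ }
    Process{
        $RoleGroup = get-RoleGroup $RoleGroupName
        if ($null -eq $RoleGroup)
        {
            # Without this guard the report would print an empty group,
            # which reads as "nobody has access" rather than "lookup failed".
            Write-Warning "RoleGroup '$RoleGroupName' was not found; nothing to report."
            return
        }

        write-host -fore cyan "RoleGroup: $RoleGroupName"
        write-host -fore cyan "==================================="
        write-host -fore cyan "members: $($RoleGroup.Members.Count)"
        write-host -fore cyan "-----------------------------------"
        foreach ($member in $RoleGroup.members)
        {
            write-host $member
        }
        write-host "`r`n"

        # Fetch the assignment list once; it does not change between roles.
        $AllAssignments = @(get-managementRoleAssignment)

        foreach ($Role in $RoleGroup.Roles)
        {
            write-host -fore cyan " Role: $Role"
            write-host -fore cyan " ==================================="

            # Keep only assignments of this role made directly to this group.
            # A role can be assigned to the same group more than once (for
            # example with different scopes), so treat the result as a list.
            $RoleAssignments = @($AllAssignments | Where-Object {
                $_.Role -eq $Role -and $_.RoleAssignee -eq $RoleGroup.identity
            })

            write-host -fore cyan " RoleAssignemnt"
            write-host -fore cyan " -----------------------------------"
            foreach ($RoleAssignment in $RoleAssignments)
            {
                write-host -fore yellow " $RoleAssignment"

                $RecipientReadScope  = $RoleAssignment.RecipientReadScope
                $ConfigReadScope     = $RoleAssignment.ConfigReadScope
                $RecipientWriteScope = $RoleAssignment.RecipientWriteScope
                # The original read and printed RecipientWriteScope twice, so
                # the configuration write scope never appeared in the report.
                $ConfigWriteScope    = $RoleAssignment.ConfigWriteScope

                write-host " RecipientReadScope : $RecipientReadScope"
                write-host " ConfigReadScope : $ConfigReadScope"
                write-host " RecipientWriteScope: $RecipientWriteScope"
                write-host " ConfigWriteScope : $ConfigWriteScope"
                # NOTE(review): when a write scope reports a custom scope, the
                # scope's name is held in CustomRecipientWriteScope /
                # CustomConfigWriteScope, which this report does not print.
                write-host "`r`n"
            }

            $myRole = Get-managementRole $Role
            write-host -fore cyan " RoleEntries:"
            write-host -fore cyan " ==================================="
            foreach ($RoleEntry in $myRole.RoleEntries)
            {
                write-host " $RoleEntry"
            }
            write-host "`r`n"
        }
    }
    end { }
    # function history:
    # 1/26/2012 Script created by Gene Laisne (www.genelaisne.com)
}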