Permissions
Permissions for resources within PowerShell Universal
PowerShell Universal leverages permissions throughout the platform to provide fine-grained authorization against different scopes and resources. Built-in roles have a read-only set of permissions that are automatically applied to users with those roles. Custom roles can have custom permissions set. Additionally, individual users can have their own set of permissions.
Permissions are stored in the database and not as part of the .universal
configuration files.
Permission Identifiers
Each permission uses an identifier to authorize a user to access a resource. They are strings that utilize the scope and resource type, followed by an access type.
For example, the following would provide read access to all API features.
Wildcards can be used in permission identifiers to include sub-scopes over multiple access types. The following provides access to all script features.
Managing Permissions
PowerShell Universal v5 is still in beta and this is subject to change.
Permissions can be managed for an identity by click Security \ Permissions. You can select the identity and define a permission identifier to grant to the identity. This will blend with the permissions granted by any role assignments they may have.
Roles currently cannot be assigned permissions.
Default Role Permissions
Below are the default role permissions.
Administrator
*
Full access to PowerShell Universal
Operator
apis/*
Full access to APIs.
automation/*
Full access to automation features.
apps/*
Full access to Apps.
platform/*
Full access to platform features
settings/*
Full access to platform features
Execute
apis/read
Read access to APIs
apis/execute
Execute access to APIs
automation/read
Read access to automation features.
automation/execute
Execute access to automation features.
apps/read
Read access to Apps.
apps/execute
Execute access to Apps.
platform/read
Read access to platform features.
settings/read
Read access to settings.
Reader
apis/read
Read access to APIs.
apps/read
Read access to Apps.
automation/read
Read access to automation features.
API Editor
apis/*
All access to APIs.
API Reader
apis/read
Read access to APIs.
App Editor
apps/*
All access to apps.
App Reader
apps/read
Read access to apps.
Last updated