Permissions
Permissions for resources within PowerShell Universal
PowerShell Universal leverages permissions throughout the platform to provide fine-grained authorization against different scopes and resources. Built-in roles have a read-only set of permissions that are automatically applied to users with those roles. Custom roles can have custom permissions set. Additionally, individual users can have their own set of permissions.
Permissions are stored in the database and not as part of the .universal configuration files.
Permission Identifiers
Each permission uses an identifier to authorize a user to access a resource. They are strings that utilize the scope and resource type, followed by an access type.
For example, the following would provide read access to all API features.
Wildcards can be used in permission identifiers to include sub-scopes over multiple access types. The following provides access to all script features.
Managing Permissions
PowerShell Universal v5 is still in beta and this is subject to change.
Permissions can be managed for an identity by click Security \ Permissions. You can select the identity and define a permission identifier to grant to the identity. This will blend with the permissions granted by any role assignments they may have.
Roles currently cannot be assigned permissions.
Default Role Permissions
Below are the default role permissions.
Administrator
| Identifier | Description |
|---|---|
* | Full access to PowerShell Universal |
Operator
| Identifier | Description |
|---|---|
apis/* | Full access to APIs. |
automation/* | Full access to automation features. |
apps/* | Full access to Apps. |
platform/* | Full access to platform features |
settings/* | Full access to platform features |
Execute
| Identifier | Description |
|---|---|
apis/read | Read access to APIs |
apis/execute | Execute access to APIs |
automation/read | Read access to automation features. |
automation/execute | Execute access to automation features. |
apps/read | Read access to Apps. |
apps/execute | Execute access to Apps. |
platform/read | Read access to platform features. |
settings/read | Read access to settings. |
Reader
| Identifier | Description |
|---|---|
apis/read | Read access to APIs. |
apps/read | Read access to Apps. |
automation/read | Read access to automation features. |
API Editor
| Identifier | Description |
|---|---|
apis/* | All access to APIs. |
API Reader
| Identifier | Description |
|---|---|
apis/read | Read access to APIs. |
App Editor
| Identifier | Description |
|---|---|
apps/* | All access to apps. |
App Reader
apps/read | Read access to apps. |
Last updated