Permissions

PowerShell Universal leverages permissions throughout the platform to provide fine-grained authorization against different scopes and resources. Built-in roles have a read-only set of permissions that are automatically applied to users with those roles. Custom roles can have custom permissions set. Additionally, individual users can have their own set of permissions.

Permissions are stored in the database and not as part of the .universal configuration files.

Permission Identifiers

Each permission uses an identifier to authorize a user to access a resource. They are strings that utilize the scope and resource type, followed by an access type.

For example, the following would provide read access to all API features.

apis/read

Wildcards can be used in permission identifiers to include sub-scopes over multiple access types. The following provides access to all script features.

automation.scripts/*

Managing Permissions

Permissions can be managed for an identity by click Security \ Permissions. You can select the identity and define a permission identifier to grant to the identity. This will blend with the permissions granted by any role assignments they may have.

Roles currently cannot be assigned permissions.

Default Role Permissions

Below are the default role permissions.

Administrator

Operator

Execute

Reader

API Editor

API Reader

App Editor

App Reader