PowerShell Universal
DownloadsIssuesDiscordForums
v4
v4
  • About
  • What's New in v4?
  • Get Started
  • Additional Resources
  • Installation
    • Docker
    • Upgrading
    • Uninstall
  • Licensing
  • System Requirements
  • Supported Browsers
  • Cmdlet Help
  • API
    • About
    • Endpoints
    • Event Hubs
    • Security
    • Error Handling
    • Rate Limiting
  • Automation
    • About Automation
    • Scripts
      • Parameters
    • Jobs
    • Schedules
    • System Events
    • Terminals
    • Triggers
    • Queues
  • User Interfaces
    • About
    • Apps
    • Examples
    • Components
      • Pages
      • Dynamic Regions
      • Element
      • Error Boundary
      • HTML
      • Custom Components
        • Building Custom JavaScript Components
      • Data Display
        • Alert
        • Badge
        • Chip
        • Data Grid
        • Date and Time
        • Icon
        • List
        • Markdown
        • Table
        • Timeline
        • Tooltip
        • Tree View
        • Typography
      • Data Visualization
        • Charts
        • Image
        • Map
      • Feedback
        • Backdrop
        • Modal
        • Progress
        • Skeleton
      • Inputs
        • Autocomplete
        • Button
        • Checkbox
        • Code Editor
        • Date Picker
        • Editor
        • Floating Action Button
        • Form
        • Radio
        • Rating
        • Select
        • Slider
        • Switch
        • Textbox
        • Time Picker
        • Transfer List
        • Upload
      • Navigation
        • Drawer
        • Link
        • Menu
        • Stepper
        • Tabs
      • Layout
        • Grid Layout
        • Grid
        • Hidden
        • Stack
      • Utilities
        • Protect Section
        • Transitions
      • Surfaces
        • AppBar
        • Card
        • Paper
        • Expansion Panel
    • Custom Variable Scopes
    • Interaction
    • Role Based Access
    • Scheduled Endpoints
    • Sessions
    • Themes
      • Cascading Style Sheets
      • Styles
  • Desktop
    • About Desktop Mode
    • File Associations
    • Hotkeys
    • Pages
    • Protocol Handlers
  • Platform
    • Cache
    • Computers
    • Health Checks
    • Middleware
    • Modules
    • Monitoring
    • Notifications
    • Plugins
    • Published Folders
    • Templates
    • Translations
    • User Sessions
    • Variables
  • Configuration
    • About
    • API
    • Command Line Options
    • Environments
    • Feature Flags
    • Git
    • Hosting
      • Azure
      • High Availability
      • IIS
      • Reverse Proxy
    • Login Page
    • Management API
    • Persistence
    • App Settings
    • Security
      • Access Controls
      • App Tokens
      • Client Certificate
      • OpenID Connect
      • PowerShell Protect
      • SAML2
      • WS-Federation
    • Repository
    • Running as a Service Account
    • Best Practices
  • Development
    • Debugging Scripts
    • Editor
    • Hangfire
    • Logging
    • Profiling
    • Visual Studio Code Extension
  • Samples
    • APIs
      • Custom Status Codes
    • Apps
      • Active Directory Tree View
      • Export-CSV Download
      • Dynamic Select Dropdown
      • Textbox Length Validation
      • Tree View Font Size
      • SQL Data Grid
  • Changelogs
    • Changelog
    • Extension Changelog
Powered by GitBook

PowerShell Universal

  • Downloads
  • Pricing
  • Gallery

Community

  • Issues
  • Forums
  • Discord

Support

  • Portal
  • Knowledgebase

Copyright 2025 Ironman Software

On this page
  • About
  • Admin Console
  • Access Control Types
  • Global Access Controls
  • Resource Access Controls
  • Tag Access Controls
  • API

Was this helpful?

Edit on GitHub
Export as PDF
  1. Configuration
  2. Security

Access Controls

Access controls for PowerShell Universal.

PreviousSecurityNextApp Tokens

Last updated 1 year ago

Was this helpful?

Access controls requires a .

About

Access controls allow you to define who has access to particular resources inside PowerShell Universal.

Access controls are supported by the following resources:

  • Apps

  • Scripts

There are three types of access controls.

  • Global

  • Resource

  • Tag

PowerShell Universal uses a least-privileged model and users have no access without an access control that applies to their role.

Access controls are defined within the accessControls.ps1 file within your PowerShell Universal configuration repository.

Admin Console

You can define access controls in the admin console under Security \ Access Controls.

Access Control Types

There are five different privileges that can be granted to users. These values are available on the [PowerShellUniversal.AccessControlType] enumeration.

  • View (1)

  • Edit (2)

  • Create (4)

  • Delete (8)

  • Execute (16)

You can define multiple access control types on a single access control by using a binary or operator.

For example, this creates a privilege for both Create and View.

$Type = ([PowerShellUniversal.AccessControlType]::Create -bor [PowerShellUniversal.AccessControlType]::View)

You can also use the integer values for a more terse syntax. This creates the same Create and View privileges.

$Type = 1 -bor 4

Global Access Controls

Global access controls allow you to define an access for a role for all resources of the chosen type.

For example, to allow any user with the ScriptBuilder role to create a script, you can define an access control using the following command. You'll also want to grant the View privilege so that the user can also view scripts.

$Type = ([PowerShellUniversal.AccessControlType]::Create -bor [PowerShellUniversal.AccessControlType]::View)
New-PSUAccessControl -Role 'ScriptBuilder' -ObjectType 'Script' -Type $Type

Resource Access Controls

Resource access controls allow you to specify access controls directly on a resource.

This example defines the execute privilege on the OnBoarding.ps1 script to the ScriptRunner role.

$Type = ([PowerShellUniversal.AccessControlType]::Execute -bor [PowerShellUniversal.AccessControlType]::View)
New-PSUAccessControl -Role 'ScriptRunner' -ObjectId 'OnBoarding.ps1' -ObjectType 'Script' -Type $Type

Tag Access Controls

Tag access controls allow you to specify an access control based on a tag. All tagged resources will have this access control defined. This allows you to group resources and apply access controls to the group.

The following example provides the edit privilege to the ScriptEditor role and the HR tag.

$Type = ([PowerShellUniversal.AccessControlType]::Edit -bor [PowerShellUniversal.AccessControlType]::View)
New-PSUAccessControl -Role 'ScriptEditor' -Tag 'HR' -Type $Type

API

New-PSUAccessControl
license