Access Controls Not Processing Correctly

alexk · April 13, 2022, 10:31pm

I’ve got PSU 2.10.0 using Windows Authentication. Created a new role ‘ScriptCreator’ -

New-PSURole -Name 'ScriptCreator' -Description "Can create new scripts" -Policy {
    param(
        $User
    )
    if ( $User.HasClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", 'S-1-5-21-1517553028-2257492215-940012151-49037') ) {
        return $true
    }
}

I created a new Global access control ViewCreate that I assigned to this role

$ViewCreate = ([PowerShellUniversal.AccessControlType]::Create -bor [PowerShellUniversal.AccessControlType]::View)
New-PSUAccessControl -Role 'ScriptCreator' -ObjectType 'Script' -Type $ViewCreate

My test user can log in to the admin console and view scripts, but the option to create doesn’t seem to be present. Did I screw something up?

Product: PowerShell Universal
Version 2.10.0

adam · April 13, 2022, 11:29pm

You’re access control looks correct. I just check the UI code and that looks correct. I’ll have to setup a test and open an issue for this. If it’s broken, I’ll make sure it’s fixed in 2.10.1.

alexk · April 14, 2022, 1:27pm

Thanks! This was the case in 2.9.2 as well. I updated to 2.10.0 to see if that helped anything when it didn’t work initially. Not sure if that’s helpful info at all, but there you go

Topic		Replies	Views
Creating new Access Control PowerShell Universal	2	148	July 10, 2024
PowerShell Universal v2 Has been Released PowerShell Universal	9	632	June 3, 2021
Unable to Create Access Controls PowerShell Universal	1	143	July 27, 2023
Identities not showing the correct scripts based on access controls PowerShell Universal	4	191	December 1, 2023
2.0 Access Controls PowerShell Universal	5	398	June 3, 2021

Access Controls Not Processing Correctly

Related topics