Product: PowerShell Universal
I’m attempting to give a specific team access to specific areas on the admin console. I’ve got a custom role setup to assign based off their Okta role claims, and that is working. I used Access Controls and a Tag to give them permission to edit/run an existing script in a subfolder in Scripts, but I would like them to be able to create scripts in only that folder. I would also like them to be able to setup schedules for their scripts, and if possible not be able to modify any others unrelated to their scripts. Is this granularity even possible?
I’ve since upgraded to 4.0.6, but still looking for guidance on this if there is any. Ideally I would like to just allow a group the ability to create/edit/modify/schedule any scripts they are tagged for.
This isn’t implemented. Access controls do not currently support schedules or folders. Feel free to open a feature request.
We are starting to get a lot more requests for access controls across the platform so I think we will adjust the roadmap to start to prioritize that.
Not yet. We are doing some planning a better access control system. Currently, it requires a lot of duplication and is super error prone. Once complete, we should be able to just cover all resources with out having to implement each one and subsequently find the bugs.
@adam - We currently use AD groups and Windows auth to control access and authorization. I have been thinking about ways to grant a single user access to a specific resource (script or a certain page on a dashboard). Is there a good way to handle this today without giving that user a specific role? Or is this something that is in the works like you described?