Cannot edit Roles

PowerShell Universal
1

I just upgraded to 2.0.3. Now when I create a new Role then modify the code and hit Save, the edits won’t save. Looking directly in the roles.ps1 file, I can see that the role is created, but the only content within -Policy is “# Define your policy here”. When I hit ‘save’ in the GUI, the file gets modified, but the contents remain the same.

The behavior is the same for roles we’ve had for a long time - changes I make and save in the GUI will not persist.

Product: PowerShell Universal
Version: 2.0.3
2

What role is the identity you are using? I found recently that if you’re not an admin then the GUI saving does not work in 2.0.3

3

I am using my AD account, which is an admin. Or at least, I set it to Administrator under Identities. I also seem to have complete access to everything in the admin console, so I am pretty sure I am an admin.

Since my last post my troubles have deepened. I edited the roles.ps1 file directly to add the code since I couldn’t in the GUI. The role shows up with the code now in the GUI - but ALL roles are now broken! I’ve had to remove authentication from all my dashboards, which is obviously not an ideal situation. I double-checked the code and I don’t see any errors - it’s a copy/paste from another role I know was previously working.

How can I troubleshoot this?

4

@hodgese, can you paste your role code here? And what version of PSU did the role previously work on?

5

I started from scratch on the file, leaving the four built-in roles. Then I added this to the file:

New-PSURole -Name "TestDashUser" -Policy {
param($User)
        
$approvedGroups = "ITO Admins"
$approvedUsers = ""

$result = $false

If ($($User.Identity.Name) -eq 'Admin') {
    $result = $true
}
Else {
    
    $memberOf = ([ADSISEARCHER]"samaccountname=$($User.Identity.Name)").Findone().Properties.memberof -replace '^CN=([^,]+).+$','$1'
    foreach ($approvedGroup in $approvedGroups) {

        If ($approvedGroup -in $memberOf) {
            $result = $true
        }
    }
    
    If ($($User.Identity.Name) -in $approvedUsers) {

        $result = $true
    }
}

$result
}

Then I enable Auth on a dashboard and assign that role. As soon as I do that, I can no longer access the dashboard. This code worked before my upgrade… pretty sure I was on 1.5.18 before.

Just for good measure, I also tried this, with the same result (the Unauthorized page)

New-PSURole -Name "TestDashUser" -Policy {
param($User)
Return $true
}
6

I added a line inside New-PSURole to write to a text file before it returns $true. The text file is not created. It seems like PSU is not even executing the code.

Here are the log entries from when I try to access a page with auth turned on and the TestDashUser role applied to it:

image
image1410×133 87.4 KB

NOTE: I ran out of time to investigate this problem and reverted to a VM snapshot prior to my upgrade to 2.0.3.

7

I’ll take a look but one thing you can try is to increase the log level to debug to see which roles are being evaluated. I realize you may not have time to try to upgrade again but if you do, please try that.