Create AppToken with multiple roles

Product: PowerShell Universal
Version: 5.3.3

I’m not sure if this is by design to allow granularity, so apologies if it is.

The Administrator role in our instance has all other roles nested, but when creating an AppToken it seems to receive only that Administrator role, but no nested roles. It can only access APIs specifically assigned the Administrator role.

I am only able to assign one role via the admin user interface - the drop-down isn’t multi-select.

I can see from the documentation for Grant-PSUAppToken that the Role parameter should accept a string array, but when trying to provide an array it errors with unable to convert to system.string.

universal-docs/cmdlets/Grant-PSUAppToken.txt at v5 · ironmansoftware/universal-docs · GitHub

Should it be possible to assign more than one role to an app token or should the granted role honour nested roles?

At least as a temporary workaround, could you create a new role that you assign to the token, and then assign the new role to the resources you want it to access, so there’s no need for the token itself to have multiple roles? Or would that be too many things to have to edit in order to add the new role to?

This was also a request from 2021, for the record: Feature Request: App Tokens with multiple Roles

At the moment I only really need two tiers of access level, so I’m using two different app tokens. It’s ok for now, but business requirements can change fast.

I did consider your method, but only requiring one more level of access meant it was easier to implement a second token.

I suppose I was a little curious with the documentation showing an array should be passed for Role whether it was already coded in and changing the parameter type got overlooked or accidentally regressed at some point - or whether the documentation was just wrong.
