Default role operator gone

Product: PowerShell Universal
Version: 3.8.8

Greetings everyone! I was just configuring identities and roles for our instance.
When I configured the default role “operator” to be mapped to an Azure AD group it just disappeared. It was there, then suddenly it was gone. Obviously I haven’t deleted it, as you can’t delete default roles.

See here:

roles.ps1:


New-PSURole -Name "Administrator" -Description "Administrators can manage settings, create and edit any entity and view all the entities with PowerShell Universal." -ClaimType "groups" -ClaimValue "redacted" 
New-PSURole -Name "Reader" -Description "Readers have read-only access to PowerShell Universal. They cannot make changes to any entity within the system." -Policy {
param(
[Security.ClaimsPrincipal]$User
)
        
<# 
  Policies should return $true or $false to determine whether the user has the particular 
  claim that require them for that role.
#>

$false
} 
New-PSURole -Name "Execute" -Description "Execute scripts within PowerShell Universal." -Policy {
param(
[Security.ClaimsPrincipal]$User
)
        
<# 
  Policies should return $true or $false to determine whether the user has the particular 
  claim that require them for that role.
#>

$false
} 
New-PSURole -Name "User" -Description "Does not have access to the admin console but can be assigned resources like APIs, scripts, dashboards and pages." -ClaimType "groups" -ClaimValue "redacted"

How can I get the role back?

You can just add it back to the roles.ps1.

New-PSURole -Name "Operator" -Policy {
param(
[Security.ClaimsPrincipal]$User
)
        
<# 
  Policies should return $true or $false to determine whether the user has the particular 
  claim that require them for that role.
#>

$false
} 

Will the default permissions be applied in that case as well?

It’ll just have all the permissions set. They are static within PSU and it’s just looking for that “Operator” role name.

1 Like

Nice, thanks!