Product: PowerShell Universal
I’m just wondering if I’m mis-understanding how to use access controls / tags, I’ve read the documentation and created a new role for ‘servicedesk’ (based on a claim type - aad group).
Secondly I’ve created a tag called ‘servicedesk’.
I’ve then created an access control and associated the tag to the role with edit/view/execute permissions.
I’ve also applied the tag to one of my apps/dashboards.
However, with my test user, they can login to PSU Admin, but can only see an empty automation menu, and cannot see anything app related (menu options do not even show).
I had this issue too, and ended up just changing the process. From what I found they needed to be in a system role as well otherwise, they couldn’t see any menu items on login. I followed the same basic process but also put those groups into the reader group and it worked. Its not ideal as I didn’t want this group to be able to see everything in PS Universal but its the only way I could get it working.
Thanks for the feedback - maybe one for @adam as a possible feature enhancement if this is by design?
Hmm, just tried this approach, and while it opened up visibility to all areas, it still didnt provide any edit access as specified by the access control.
I’m giving the ‘Servicedesk’ role by group claim and then nesting the ‘Reader’ role inside that.
Access controls need to be improved. We add some basic implementation of app controls in v4 but it wasn’t comprehensive and I think it’s exactly why you are seeing issues with them. They were originally developed for scripts with the hope of extending them to the whole platform but it never happened.