Manipulating Authorization Policies

Does anyone know of a way to manipulate authorization policies after the dashboard has been started/built. The problem I’m currently having is finding a way to update the built in $AuthorizationPolicy object if I make changes for example, after the dash has been started.

Is there any way to rebuild the policies? or even just manipulate $AuthorizationPolicy.endpoint.scriptblock ?

Example, if i do $AuthorizationPolicy = AuthorizationPolicy | ? {_.name -ne “MyPolicyToRemove”}
nothing changes. Any Ideas?

The reason I’m looking into doing this is because I’ve got a SQL table with my auth policies in, which popuates the dash auth policies when it’s built (currently works fine), I also dynamically lookup and apply these policies from sql when dot sourcing in all my pages. I’m looking to create an admin page so that I can manage who has access to what page etc while the dashboard is still running.

You might be able to. Here’s how you access the current policies for the dashboard.

$Dashboard = Get-UDDashboard 
$Dashboard.DashboardService.Dashboard.LoginPage.AuthorizationPolicy 

The policies are re-evaluated on login and not on every action so if you do change the policies, the user will have to login\logout. You might be able to check the policies in a scheduled endpoint and refresh them from your SQL table.

Thanks Adam.
I’ll give this a play around with. In all honesty I’ve probably not fully thought it through. Although it will still be a good way to manage the policies from the front end. Still working out where the limitations are and what my actual end goal is. I’ll have to demo what I’ve built once I get there!