Just got PS Universal and excited to get everything moved to it. I am messing around with pages and permissions and am not getting the expected behavior( I am probably doing something wrong).
I created a new role ( Service-Desk) and manually added 2 accounts to it(by going to the accounts and selecting the role from the drop down, Windows Auth is setup).
I then create a page and add the Service-desk role and also the Administrator role.
When I go to the page with the admin account I see the logo on the top left along with navigation and the page description below.
When I go to the page via the account with the service-desk role nothing is displayed just a white screen. If I remove the account from the new role I get the Unauthorized so I know permissions are working. I added a button to the page and the admin sees the button but the Service-Desk does not see it. Is this expected behavior or am I doing something wrong?
@adam,
Hey Adam, It looks like this was fixed in 2.7.0. It looks like it gets further but still have problems.
The user can now see the page and the form on it but if they click any button they get an Error! page.
I dont see a way to send them through the form. How do you want me to get them to you? do you want me to enable debugging and re-produce before exporting them also?
I can reproduce this. The issue happens when the user does not have the permissions to execute the script. We need to improve the user experience here.
Here’s how I worked around it. I have a custom role page that is assigned to my custom role.
The final step is to setup access controls to allow access to the script from the custom role. In accessControls.ps1, I’ve assigned the role view and execute permissions directly to the script.
Giving access to the script would allow them to go into the admin psu and run it right? Will do some more playing around but i figured if they had access to the page that is all they needed and did not have to give individual script access.
This worked, to make it easier I created a tag and assigned the permissions to the tag. This way I just need to take the script and I can see who has access. I do wish the admin side was gated behind a permission so users do not stumble apron it. While it does not show them to much other then jobs ran and by who.
Thank you for your time
Mike