Product: PowerShell Universal
Version: 5.5.4
I just wanted to make sure I’m not missing anything here before I raise an issue.
On V4 I had tags setup on some scripts, and those tags were assigned to a role.
Users were able to login to the /admin link and view + execute those scripts.
Now that I’ve migrated to v5 I’m looking to leverage the new Portal functionality rather than letting people in the admin page.
my codebase is the same, the tags allow me to login with a test user.
I first see the tag ‘IAM’ and click open, I then see all the scripts associated.
Each one has a title & description in its own card, with an ‘Open’ button.
Clicking the Open button does nothing, other than change the URL to ‘/portal/scripts/folder%20name/subfoldername/scriptname.ps1’ but the page I’m on doesnt change.
I thought, maybe I’ve missed something, and added the relevant permissions to the same role that’s assigned to my tag.
I added two permissions for testing, figured I’d start with a broad net and narrow it down after:
‘portal/’ and 'automation.scripts/’.
I opened a new private window, logged back in with my test user, but it’s exactly the same, and I cannot see any way to execute the scripts.
Also may be of note, the test user cannot see any jobs for the tagged scripts either.
It’s as though the permissions are not taking effect.
I do have a custom script path set if that changes anything?
Maybe I’m a little confused as to how this all works. I figured I could just tag all my scripts and then associate tags to roles, and roles to permissions in the admin menu.
I did manage to get it working in the portal for users to execute scripts, but I had to edit properties on the script, script by script, click on the ‘portal’ tab, and add the roles there, otherwise it doesn’t work with tags & permissions alone.
Is tagging mainly a mechanism just used for the admin menu? If so how come it controls what appears in the portal - but does not allow grouped permissions to be applied on portal resources, e.g execute?
Also, looking at the roles configuration, when I choose one to edit, I’m not understanding why the ‘Permissions’ field / drop down is empty and has no available options to choose.
I’d have expected either some default permissions to show, or permissions I’ve created in the permissions menu? (looking through docs Role Based Access | PowerShell Universal I cant see anything creating/editing roles in the admin menu that mentions this or how to use it, but I’m starting to wonder if this is my issue, since upgrading from v4 to v5, this is new, aside from the missing items in the drop down, I’ll configure this in the roles.ps1 file and report back if it solves my issue.
Edit: just noticed the docs here: Permissions | PowerShell Universal
“Roles currently cannot be assigned permissions in the permission UI.”
After playing around with it, I think there’s just a disconnect between tags and roles, the expectation as a user is that you can tag resources and apply that to a role, and then apply permissions to the role, and everything will just work. But in reality, you still currently have to configure script resources one by one with roles (even if they’ve been tagged) in order to get the permissions applied, please correct me if I’m wrong here!