Unfortunately still having issues with permissions. Can’t get my head around it.
So this is something that worked before and i only had issues with Get-PSUScript permissions, but now it seems the following does not work.
RoleA has the following permissions:
automation/view
automation.scripts/view
home/view
automation.jobs/view
automation.jobs/read
automation.scripts.ScriptSubFolder Name\SubFolder2\Scriptname.ps1/*
automation.scripts.scriptname.ps1/*
What I’m trying to acheive is just give a specific role access to view, read (and maybe edit/execute if required) specific scripts only, they shouldnt see any other scripts beyond that.
But the outcome seems to be that the role has access to login to the admin portal, can see the menu options for scripts, but gets access denied. I remember having this issue before, and the solution was just adding automation/view, though this is already there (not sure if this is an issue on 5.6.6. only (v5 Permissions/Roles · Issue #4954 · ironmansoftware/powershell-universal)
Also, if i give automation.scripts/read then it enables the role to see ALL scripts which is not what I want to do. Curiously, automation.jobs/read does not seem to behave the same way, and I still need to provide granular access to scripts for the user to see the jobs of that script regardless of having automation.jobs/read.
This is the only blocker for me to open up this solution to other teams and individuals, hope to get this one sorted soon.
Edit: just to note, i have a non standard script base path too
Edit2: The only way I’ve got past the ‘Not Authorized’ error is by adding either automation/read or automation.scripts/read, but then that gives access to see all scripts in the system which I don’t want for that role.
Edit3: Tested on 5.6.4 and it’s the same. The last time I tested this as working was when i raised the above issue on 5.6.0.
I’ve reactivated that issue. I’ll take another look and let you know if I need more info.
