Role Based Access


I’m new to PowerShell Universal and want to achieve Role-Based Access in my environment.

I have added some tags and access controls based on the added tags. The access controls have been assigned to roles.

I want to achieve the following goals:

  • Allow the user to create new scripts in a desired folder
  • Allow the user to view, edit, and execute scripts based on access control tags
  • Auto-assign an Access Control tag to newly created scripts

At this moment, I have the following configuration:

  1. Added tags “AC Workspace Engineers” and “AC Database Engineers”
  2. Added roles “Workspace Engineers” and “Database Engineers”
  3. Added access controls “Workspace Engineers” and “Database Engineers” with the following permissions: Create, Edit, View, and Execute
  4. Added two users: “Workspace Engineer” with the role “Workspace Engineers” and a user “Database Engineer” assigned to the role “Database Engineers.”

When I log in with one of the two users, I can’t add any script.

When I add both users to the Operator role too, they can create new scripts and assign them to a desired tag. However, the user “Database Engineer” can do everything with the script created by “Workspace Engineer,” and vice versa.

This is not desirable.