Hi,
I’m new to PowerShell Universal and want to achieve Role-Based Access in my environment.
I have added some tags and access controls based on the added tags. The access controls have been assigned to roles.
I want to achieve the following goals:
- Allow the user to create new scripts in a desired folder
- Allow the user to view, edit, and execute scripts based on access control tags
- Auto-assign an access control tag to newly created scripts
At this moment, I have the following configuration:
- Added tags “AC Workspace Engineers” and “AC Database Engineers”
- Added roles “Workspace Engineers” and “Database Engineers”
- Added access controls “Workspace Engineers” and “Database Engineers” with the following permissions: Create, Edit, View, and Execute
- Added two users: “Workspace Engineer” with the role “Workspace Engineers” and a user “Database Engineer” assigned to the role “Database Engineers.”
When I log in with one of the two users, I can’t add any script.
When I add both users to the Operator role too, they can create new scripts and assign them to a desired tag. However, the user “Database Engineer” can do everything with the script created by “Workspace Engineer,” and vice versa.
This is not desirable.