Product: PowerShell Universal
Version: 5.5.0
I’m building a web app to interface with my Active Directory, and my endpoints are in PowerShell Universal. One of my endpoints calls a PSU script to enable the AD user. When I run the script alone, it works well, but with the endpoint I get an auth error calling the script: “Permission denied. The role specified does not have access to this resource”
I spent a couple of hours troubleshooting it, but it seems like I can’t figure it out.
Here’s the important info:
Endpoint: enable-ad-account
Security
Authentication: enabled
Role: Administrator, script editor
Execution
Environment: PowerShell 7
Run as: XYZ
Script: Script_enable-ad-account.ps1
Execution
Environment: PowerShell 7
Credential: XYZ
Variable: XYZ
Type: PSCredential
Roles: Administrator, script editor
Disable Run as Support: NOT ENABLED
I have the feeling PSU ignores the run as option and automatically runs the code with my connected user, but this user has the admin role…
Any idea what causes the problem?
Endpoint code:
# Reject the request when the member name is missing
if ([string]::IsNullOrWhiteSpace($membre)) {
    New-PSUApiResponse -StatusCode 400 -Body (@{ error = "Le nom du membre est requis" } | ConvertTo-Json) -ContentType "application/json"
    return
}

try {
    # Look up the PSU script, run it with the member name, and return its result
    $scriptPath = Get-PSUScript -Name 'Script_enable-ad-account.ps1'
    $result = Invoke-PSUScript $scriptPath -membre $membre
    $result
}
catch {
    New-PSUApiResponse -StatusCode 500 -Body (@{ error = "Erreur lors de l'exécution du script: $($_.Exception)" } | ConvertTo-Json) -ContentType "application/json"
}