Hello - I recently came across PowerShell Universal and would like to know if it’s possible to create a dashboard to perform the creation and modification of distros. With the Active Directory template and some minor modifications, I was able to test both scenarios, but the only question I have is: can we control user access to only modify those groups the user created? For instance, if the user is added to the managed by field for the distribution group, then that user is allowed to modify the distro. Or maybe a user, or users, can modify a group of distros based on an access list of some sort. Potentially, we may have a group of users (e.g. helpdesk) that can modify all distribution groups but another department/team can modify only the distros belonging to them. Thanks.
In my head, a quick solution is to add who creates or modifies the group to a custom database, to hold the values of the distribution group name, the managed by name and who modified it in the dashboard. Then whenever you go to change a distribution group you can do an SQL query to the DB to see if the current dashboard user is the user who modified it or not, thus allowing or denying them the change based on the SQL query output.
Ok, thanks for the advice
I would approach this slightly differently, but it all depends on requirements and situation, right? So while psdevuk’s solution might be perfectly valid, in my experience, things often change outside of a defined process. You’ll end up with that one engineer who decides to create DLs outside the process you define, and all of a sudden, unless you have a sync job of some kind, your data is out of date.
Personally I’d just connect straight to Exchange Online as the single source of truth and present that data on the dash, using the ManagedBy/Owner field of the distribution list to identify the who. It would still be worth recording an audit trail of the actions taken by your automation so that you have some way to check back if you don’t want to have to delve into Exchange logs - which would only show your app registration anyway, rather than the individual who’s accessing the page.
Use server-side processing for your tables so that you don’t run into long loading times, and leverage filters and searches to make the experience better for users.
You can use the user’s claims on the dashboard to identify if they are part of the servicedesk group and therefore give them access to modify all. Otherwise they need to be a ‘managedby’ member.
Thanks for the explanation @insomniacc!
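The access rule discussed in this thread, as an added example that is not part of any post above and is not PowerShell Universal or Exchange code. `Test-DistroModifyAccess`, its parameters, the `ServiceDesk` group name and all sample data are hypothetical; it assumes the caller's group claims and the list's ManagedBy entries have already been fetched and resolved to the same identifier form.

```powershell
# Added example: hypothetical helper. Returns the decision as an audit record.
function Test-DistroModifyAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string] $UserId,      # signed-in dashboard user
        [string[]] $UserGroups = @(),                # groups taken from the user's claims
        [Parameter(Mandatory)][string] $GroupName,   # distribution list being changed
        [string[]] $ManagedBy = @(),                 # owners read from the source of truth
        [string]   $PrivilegedGroup = 'ServiceDesk'  # assumed name of the "modify all" group
    )
    $user   = $UserId.Trim()
    # Drop null/empty owner entries so a blank ManagedBy can never match anyone.
    $owners = @($ManagedBy | Where-Object { $_ } | ForEach-Object { $_.Trim() })

    # -contains is case-insensitive, so ALICE@... matches alice@...
    if ($UserGroups -contains $PrivilegedGroup) {
        $allowed = $true;  $reason = "member of $PrivilegedGroup"
    } elseif ($owners -contains $user) {
        $allowed = $true;  $reason = 'listed in ManagedBy'
    } else {
        $allowed = $false; $reason = 'not an owner and not in the privileged group'  # default deny
    }
    # Record the individual, since the Exchange logs would only show the app registration.
    [pscustomobject]@{
        TimeUtc = (Get-Date).ToUniversalTime().ToString('o')
        User = $user; Group = $GroupName; Allowed = $allowed; Reason = $reason
    }
}

# Constructed sample data (not from the thread).
$groups = @(
    @{ Name = 'dl-finance'; ManagedBy = @('alice@example.com') }
    @{ Name = 'dl-orphan';  ManagedBy = @() }                     # no owner set
)
$callers = @(
    @{ Id = 'ALICE@example.com'; Groups = @('Finance') }
    @{ Id = 'bob@example.com';   Groups = @('ServiceDesk') }
    @{ Id = 'carol@example.com'; Groups = @('Sales') }
)
$audit = foreach ($c in $callers) {
    foreach ($g in $groups) {
        Test-DistroModifyAccess -UserId $c.Id -UserGroups $c.Groups `
            -GroupName $g.Name -ManagedBy $g.ManagedBy
    }
}
$audit | Format-Table User, Group, Allowed, Reason
```

Run the check in the handler that performs the change, immediately before the write, and not only when deciding which rows or buttons to render; append each returned record to the audit store whether the request was allowed or denied.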