I am currently testing UA via a container.
Is there a way to modify permissions for a particular role or even add a new role?
I would like ‘Operators’ to be able to execute scripts, but not be able to delete them.
I appreciate any information.
Hi @adam any idea when this will be implemented / available ? it would be nice to “delegate” some access to roles / custom roles.
Many thanks in advance ! Cheers !
We added custom roles in v1.3. You can delegate access to APIs and dashboard with roles but we haven’t hooked up scripts\jobs yet. That will come in v1.4
Does this fit what your plans are for scripts and roles?
Assign permissions to roles:
- View script runs and logs
- Execute scripts
- Add/remove/edit scripts/script schedules
- Role scoping - for each script (or a folder containing scripts) assign role(s)
Use Cases to help explain the need:
- Expose subset of scripts to helpdesk to do activities without giving them the ability to modify scripts. Script would run as a service account and remove the need for permissions granted directly to the helpdesk technician
- Expose scheduled runs to operations monitoring to ensure daily jobs have run and escalate if issues found but not give them access to execute/maintain scripts
would also be interested in this, @adam any updates on this?
does the roles variable Role Based Access - PowerShell Universal (ironmansoftware.com)
also apply to scripts and schedules etc?
We currently don’t pass the $Roles variable to scripts or schedules but that would be a good idea.
This particular feature has been pushed around mostly because it’s a heavy lift and we want to make sure we have it consistent throughout the product. It’s currently our “big feature” for 1.6 since we have a lot of interest in it. I’ll be publishing a roadmap doc on our docs site in a bit to allow people to see what were planning and where were headed.