Forum / Remote Desktop Manager - PowerShell Repository

Renaming a role and updating permissions


Hello,

When a role is renamed in Roles Management, the folders' or entries' permissions aren't updated. The following script will update the role's name and all permissions on which this role is set.

# Load RDM PowerShell module.
# Adapt the folder's name if you are not using the default installation path.
if (-not (Get-Module RemoteDesktopManager.PowerShellModule)) {
    Import-Module 'C:\Program Files (x86)\Devolutions\Remote Desktop Manager\RemoteDesktopManager.PowerShellModule.psd1'
}

function Rename-Role
{
    param (
        [Parameter(Mandatory=$True,Position=1)]
        [string]$oldRoleName,
        [Parameter(Mandatory=$True,Position=2)]
        [string]$newRoleName,
        [Parameter(Mandatory=$True,Position=3)]
        [string]$dsName,
        [Parameter(Mandatory=$True,Position=4)]
        [bool]$chgRole
    )

    # Select the data source to work on
    $ds = Get-RDMDataSource -Name $dsName
    Set-RDMCurrentDataSource $ds
    Update-RDMUI

    # Renaming the role
    if ($chgRole)
    {
        $errorOccured = $false
        try
        {
            # -ErrorAction Stop turns a failed lookup into a terminating error, so the catch block runs
            $role = Get-RDMRole -Name $oldRoleName -ErrorAction Stop
        }
        catch
        {
            $errorOccured = $True
        }
        if (!$errorOccured -and $role)
        {
            Set-RDMRoleProperty -Role $role -Property Name -Value $newRoleName
            Set-RDMRole $role
        }
        else
        {
            Write-Warning "Role '$oldRoleName' was not found; it has not been renamed."
        }
    }

    $repositories = Get-RDMRepository

    foreach ($repository in $repositories)
    {
        Set-RDMCurrentRepository $repository
        Update-RDMUI

        $sessions = Get-RDMSession

        foreach ($session in $sessions)
        {
            [bool]$updateView = $false
            [bool]$updatePerms = $false

            # Replace role name in View permission
            $roles = $session.Security.ViewRoles
            if ($roles -contains $oldRoleName)
            {
                # Swap only elements equal to the old name; a regex -replace would also
                # rewrite other role names that merely contain it.
                $roles = @($roles | ForEach-Object { if ($_ -eq $oldRoleName) { $newRoleName } else { $_ } })
                $session.Security.ViewRoles = $roles
                $updateView = $True
            }

            # Replace role name in other permissions
            $perms = $session.Security.Permissions
            $newPerms = @()
            foreach ($perm in $perms)
            {
                $roles = $perm.Roles
                if ($roles -contains $oldRoleName)
                {
                    $roles = @($roles | ForEach-Object { if ($_ -eq $oldRoleName) { $newRoleName } else { $_ } })
                    $perm.Roles = $roles
                    $updatePerms = $True
                }
                # Keep every permission, changed or not, so that none is dropped on write-back
                $newPerms += $perm
            }
            if ($updatePerms)
            {
                $session.Security.Permissions = $newPerms
            }

            # Save the entry only when something changed
            if ($updateView -or $updatePerms)
            {
                Set-RDMSession $session -Refresh
            }
        }
    }

    Update-RDMUI
    Write-Host "Done!!!"
}

Best regards,



Érica Poirier


2 yrs
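A read-only check to run before the rename, added here as an example and not part of the original post: it lists which entries reference a role name, using the same whole-element `-contains` match as the script above. The function name `Find-RoleReference`, the `Name` property and the sample objects are assumptions constructed for illustration.

```powershell
# Added example (not from the original post): report role references without changing anything.
function Find-RoleReference {
    param (
        [Parameter(Mandatory = $true)][object[]]$Entries,
        [Parameter(Mandatory = $true)][string]$RoleName
    )
    foreach ($entry in $Entries) {
        $hits = @()
        # -contains compares whole elements (case-insensitive), so 'Helpdesk'
        # does not match 'Helpdesk-Tier2'.
        if ($entry.Security.ViewRoles -contains $RoleName) { $hits += 'View' }
        $i = 0
        foreach ($perm in $entry.Security.Permissions) {
            if ($perm.Roles -contains $RoleName) { $hits += "Permissions[$i]" }
            $i++
        }
        if ($hits.Count -gt 0) {
            # Name is assumed to be the entry's display name
            [pscustomobject]@{ Entry = $entry.Name; References = ($hits -join ', ') }
        }
    }
}

# Constructed sample data, shaped like the Security.ViewRoles and
# Security.Permissions[].Roles properties the script reads.
$sample = @(
    [pscustomobject]@{ Name = 'DB server'; Security = [pscustomobject]@{
        ViewRoles   = @('Helpdesk', 'DBA')
        Permissions = @(
            [pscustomobject]@{ Roles = @('Helpdesk-Tier2') },
            [pscustomobject]@{ Roles = @('Helpdesk') })
    } },
    [pscustomobject]@{ Name = 'Jump host'; Security = [pscustomobject]@{
        ViewRoles   = @('Helpdesk-Tier2')
        Permissions = @()
    } }
)

# Only 'DB server' is reported (View and Permissions[1]); the 'Helpdesk-Tier2'
# references are left alone because they are a different role.
Find-RoleReference -Entries $sample -RoleName 'Helpdesk' | Format-Table -AutoSize

# Live use, inside the repository loop of the script above:
#   Find-RoleReference -Entries (Get-RDMSession) -RoleName $oldRoleName
```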

- Why is this necessary still 2 years later? You offer this feature in the GUI but it blows away the underlying data.
- Why even have IDs and a relational database if you are going to use the text and not IDs to associate objects with?
- Why offer the ability to rename in the GUI if we actually need to do this in PowerShell if we expect it to work?
- How are users supposed to know when a feature offered in the GUI really should be done via Command Line if you actually expect it not to destroy data?

I have managers and first level administrators that I want to pass this job off to. They are never going to do PowerShell.

4 mths

Hello,

1a - Why is this necessary still 2 years later? ...
This forum is a PowerShell repository; many people automate this type of workflow.
1b - ...You offer this feature in the GUI but it blows away the underlying data.
See point 3.
2 - Why even have IDs and a relational database if you are going to use the text and not IDs to associate objects with?
We have a project to switch to object SIDs, but it hasn't moved from the backlog at this time.
3 - Why offer the ability to rename in the GUI if we actually need to do this in PowerShell if we expect it to work?
This would be a bug that would have a high priority; I will check with the QA lead on this. We will open a ticket or kick up the priority. The bug fix will surely be that we do not allow renaming; that's because of our plan to move to SIDs.
4 - How are users supposed to know when a feature offered in the GUI really should be done via Command Line if you actually expect it not to destroy data?
See point 3.

5 - I have managers and first level administrators that I want to pass this job off to. They are never going to do PowerShell.
Our feeling was that renaming an AD group is an event that occurs rarely; at least this is the case for the majority of our customers. We do not expect to allow non-sysadmins to support that workflow.


If we open a new ticket, its number will be sent to you to ease tracking.

Best regards,



Maurice Côté


4 mths