Devolutions ForumDevolutions Forum

Powershell - Create vault and set default security

Resolved

Powershell - Create vault and set default security

avatar
(user deleted)
Disabled

I need to be able to create a vault, role group and also set vault permissions using powershell.
The first two i have been able to do but can't figure out how to set the permission on the newly created vault.
forum image

All Comments (4)

avatar
Richard Boisvert

Hello Fredrik,

You would need to use the Set-DSEntityPermissions cmdlet to change the permissions at the vault level. Here is an example to grant view rights to a role.

$vaultID = "878254ae-fee1-45e9-ba14-0feee2a1e358"
$root = (Get-DSFolders ($vaultID)).Body.data | ? { $_.connectionType -eq 92 }

$Permissions = @(
            [ConnectionPermission]@{
                IsEmpty  = $false
                Override = [SecurityRoleOverride]::Custom
                Right    = [SecurityRoleRight]::View
                Roles    = @("99e32472-0278-4eec-8ba7-435e21382034")
            }
)

Set-DSEntityPermissions -EntityId $root.id -Permissions $Permissions


Please note the engineering team will add a cmdlet to return the root session more easily, I will let you know once it is available.

Best regards,

Richard Boisvert

avatar
Hello Fredrik,

You would need to use the Set-DSEntityPermissions cmdlet to change the permissions at the vault level. Here is an example to grant view rights to a role.
$vaultID = "878254ae-fee1-45e9-ba14-0feee2a1e358"
$root = (Get-DSFolders ($vaultID)).Body.data | ? { $_.connectionType -eq 92 }

$Permissions = @(
            [ConnectionPermission]@{
                IsEmpty  = $false
                Override = [SecurityRoleOverride]::Custom
                Right    = [SecurityRoleRight]::View
                Roles    = @("99e32472-0278-4eec-8ba7-435e21382034")
            }
)

Set-DSEntityPermissions -EntityId $root.id -Permissions $Permissions
Please note the engineering team will add a cmdlet to return the root session more easily, I will let you know once it is available.

Best regards,



I want specifically to set inherited permission. Is that possible?

avatar
Alexandre Martigny

Hello Fredrik,

There is a parameter to change the permission override. Please see the example below;

$vaultID = "878254ae-fee1-45e9-ba14-0feee2a1e358"
$root = (Get-DSFolders ($vaultID)).Body.data | ? { $_.connectionType -eq 92 }

Set-DSEntityPermissions -EntityId $root.id -PermissionOverride [SecurityRoleOverride]::Inherited


Best regards,

Alexandre Martigny

avatar
Hello Fredrik,

There is a parameter to change the permission override. Please see the example below;
$vaultID = "878254ae-fee1-45e9-ba14-0feee2a1e358"
$root = (Get-DSFolders ($vaultID)).Body.data | ? { $_.connectionType -eq 92 }

Set-DSEntityPermissions -EntityId $root.id -PermissionOverride [SecurityRoleOverride]::Inherited
Best regards,

Works like a charm except it should be:

Set-DSEntityPermissions -EntityId $root.id -PermissionOverride Inherited