Permission inheritance on entire vault.

Published 3 years ago

Hi,

We are trying to streamline permissions on our infrastructure by defining the groups permission on the root folders and letting all connections within a vault inherit those.

I was wondering if their was a simple way to identify if a session has fully inherited permissions or if some are custom?

The best 'brute force' approach I found was the following, but I am unsure if this might break the access to sessions:

# Recovering the sessions from within the vault with
# specific permissions
$Sessions = Get-RDMSession | ?{$_.Security.Permissions.Count -gt 0}

# Removing existing peremissions for the found sessions
foreach($Session in $Sessions){
  $Session.Security.Permissions.Clear()
  Set-RDMSession $Session
}

Would this be a viable approach or should I also modify other properties?

Best regards,

Alexis De Jaeger

All Comments (3)

Erica Poirier

Published 3 years ago

Hello,

You can test if the RoleOverride property is set to Custom to know if there is any specific permissions set on this entry.

$Sessions = Get-RDMSession | ?{$_.Security.RoleOverride -eq 'Custom'}

Then, to remove all permissions, just set the RoleOverride property to Default.

$Session.Security.RoleOverride = 'Default'

Let us know if that helps.

Best regards,

Érica Poirier

Alexis De Jaeger

Published 3 years ago

Hi Erica,

It does exactly what I wanted to do.

Thank you very much for your help.

Best regards,

Alexis De Jaeger

Erica Poirier

Published 3 years ago

Hi Alexis,

Thank you for your feedback and glad that the provided solution was helpful!

Best regards,

Érica Poirier