Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Possible to Assign Security Groups via Powershell?
#1
Possible to Assign Security Groups via Powershell?

I am wondering if the new versions allow folder security default groups to be set via powershell yet.

I have a hierarchy of several thousand customer folders each containing 16 or so sub folders.  I would like to change the default security at each sub folder level using 2 different security groups.  One group should have read of the connections and the 2nd group should have full control (i.e. the ability to create new connections in the folder).

Manually doing this trough the UI will take many hours so I am looking for a way to script this.  Thanks for any help.
Reply
#2
It is currently not possible via Powershell - but if you do not plan to assign different security groups you can use MultiEdit for this operation
Regards/Gruss
Oliver
Reply
#3
(06-06-2017, 09:16 AM)DevOma Wrote: It is currently not possible via Powershell - but if you do not plan to assign different security groups you can use MultiEdit for this operation

Unfortunately the groups are different for each of the 16 sub folders and I need to do it under each customer Sad
Reply
#4
Try to add it in PS-API asap...
Regards/Gruss
Oliver
Reply
#5
I see you have added this to the latest version. Thank you very much. I will test ASAP.

PS

I found a security flaw in the new version and will PM you.
Reply
#6
(29-08-2017, 02:46 AM)mostau Wrote: I see you have added this to the latest version.  Thank you very much.  I will test ASAP.

I used the new cmdlets to set security on a copy of the DB.  They work, however I have 2 issues as a result.

Issue 1:  You do not in include all of the permissions possible to set in the documentation
This is what you list...
Possible values:
_Read_ : Permission to read the item
_Delete_ : Permission to delete the item
_Edit_ : Permission to edit the item
_EditPer_ : Permission to edit personal settings of the item
_CreateSubItems_ : Permission to create sub items
_Private_ : Permission of full control of private items

I also need values for the other 2 branches (i.e. "Inheritable connection security", which contains settings like "Set assigned credentials", and "Miscellaneous", which contains settings like "Edit assigned personal credentials").

Without the ability to set these permissions in the script these users are unable to set personal credentials for the folders and connections.

Issue 2:  When I discovered no one could use their personal credentials I then used the Remove-RDSecurityItemAssign cmdlet to remove all of the privileges from the folders for the same groups.  This should have returned inheritance to the higher level where I had these additional permissions assigned, however after running the command and verifying that the folders no longer had any security at that level, the users no longer see any of the subfolders (even though I can see them all as an admin, and am able to verify that there is no security at that level). 

I am now at somewhat of an impass as I cannot set the required perms with the powershell cmdlets (due to the missing options described above), and I can't have those same folders re-inherit the permissions from the higher level.

Please provide some guidance as to how I can move forward.  Thanks.
Reply
#7
Will fix it asap - and think about to give you a private build to continue soon...
Regards/Gruss
Oliver
Reply
#8
(11-09-2017, 08:52 AM)DevOma Wrote: Will fix it asap - and think about to give you a private build to continue soon...

Thanks, please keep me posted.
Reply
#9
Today I had problems with our signing server - so no new build available - but could you try to remove the security settings in UI - just select Permission of an object and choose the dropdown right of "Default values" - there you should be able to remove the data - will try to build new binaries tomorrow
Regards/Gruss
Oliver
Reply
#10
(12-09-2017, 03:18 PM)DevOma Wrote: Today I had problems with our signing server - so no new build available - but could you try to remove the security settings in UI - just select Permission of an object and choose the dropdown right of "Default values" - there you should be able to remove the data - will try to build new binaries tomorrow

That is sad news Sad

Unfortunately there are 8,000 folders involved so there is no easy way to do manually.

I'm trying to prevent a total drop back on the upgrade so as soon as possible please.
Reply
#11
(12-09-2017, 03:18 PM)DevOma Wrote: Today I had problems with our signing server - so no new build available - but could you try to remove the security settings in UI - just select Permission of an object and choose the dropdown right of "Default values" - there you should be able to remove the data - will try to build new binaries tomorrow

PS

When I look in the UI there are NO default values defined for any of them, however the users still cannot see them.  It's almost like removing the permissions has left a record there that is denying access, but it is not visible in the UI.  I will go rerun the script to put read access back on each folder, then see if it shows up in the UI.
Reply
#12
(12-09-2017, 06:47 PM)mostau Wrote: PS

When I look in the UI there are NO default values defined for any of them, however the users still cannot see them.  It's almost like removing the permissions has left a record there that is denying access, but it is not visible in the UI.  I will go rerun the script to put read access back on each folder, then see if it shows up in the UI.

That was it!  After rerunning the script to put at least the Read permission back on each Security Item Assignment they showed back up in the UI on each folder.

I then tested that I was able to remove the default on a folder and it re-inherited  security from the level above as expected.

So that is some good news, however I am not going to do that manually in the UI for all 8,000 folders so please provide the new build asap so I can set the proper perms via powershell, thanks.
Reply
#13
(12-09-2017, 10:55 PM)mostau Wrote:
(12-09-2017, 06:47 PM)mostau Wrote: PS

When I look in the UI there are NO default values defined for any of them, however the users still cannot see them.  It's almost like removing the permissions has left a record there that is denying access, but it is not visible in the UI.  I will go rerun the script to put read access back on each folder, then see if it shows up in the UI.

That was it!  After rerunning the script to put at least the Read permission back on each Security Item Assignment they showed back up in the UI on each folder.

I then tested that I was able to remove the default on a folder and it re-inherited  security from the level above as expected.

So that is some good news, however I am not going to do that manually in the UI for all 8,000 folders so please provide the new build asap so I can set the proper perms via powershell, thanks.

I received the updated version and we are up and running with no issues now.  Would still like a way to completely remove a Security Item once it is there for a given group, but we don't need that at the moment.

Thanks very much for the quick response Smile
Reply
#14
Ok - great :-) Remove of properties (like security settings) will be in next official patch :-)
Regards/Gruss
Oliver
Reply




Users browsing this thread: 1 Guest(s)