Adding Role-Owners to Roles

In this section it is discussed how role owners can be added to roles and how to give context to roles using the cmdlet Grant-EmdbPermission.


Hint: The execution of these examples requires a connected PowerShell drive.

.To add a role owner to a role, first the user resp. the external group that is acting as a role owner, the context object and the role itself have to be retrieved:

$MyUser = Get-EmdbUser -Path 'emdb:\rootDSE\Managed Users & Computers\Users\Tester'

$MyContext = Get-EmdbDomain -Path 'emdb:\rootDSE\Managed Users & Computers\TestingArea'

$MyRole = Get-EmdbRole -Path 'Testing Manager'

Now the role ownership for the given context can be created:

Grant-EmdbPermission -Role $MyRole -Grantee $MyUser -OnObject $MyContext

In the example the user 'Tester' gains permission in the context of the object 'TestingArea' utilising the rights associated with the role 'Testing Manager'.