Granting Permissions to Roles

To grant new permissions to a Role, you first have to retrieve the Role in question and the Permission-object that should be added to it. Afterwards, you use the cmdlet Grant-EmdbPermission to grant the right to the Role.


Hint: The execution of these examples requires a connected PowerShell drive.

The Role 'Testing Manager', which was created in the example under Creating Roles, was initially created with a very limited set of permissions. To expand the set of tasks that Role-owners of this Role can perform, additional Permissions must be associated with the Role. In the following example, the right 'Use Software' is granted to this Role. This is accomplished by first retrieving the corresponding Role- and Permission-objects and then associating these objects via the Grant-EmdbPermission cmdlet:

$MyRole = Get-EmdbRole "Packaging Manager"

$MyPermission = Get-EmdbPermission "Use Software"

Grant-EmdbPermission -Role $MyRole -Permission $MyPermission

If you want to grant a Permission to all modifiable Roles (i.e., Roles that are not System-objects), the following example can be used:

$MyPermission = Get-EmdbPermission "Custom.Reboot"

Get-EmdbRole | Where-Object {$_.IsSystem -eq $false} | Grant-EmdbPermission -Permission $MyPermission

Another example is granting all user-defined Permissions to the Role 'Packaging Manager':

$MyRole = Get-EmdbRole "Packaging Manager"

Get-EmdbPermission "Custom.*" | ForEach-Object {Grant-EmdbPermission -Role $MyRole -Permission $_}

Note: Role-objects are not part of the context rootDSE and can therefore be referenced without a fully qualified or absolute path.
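
The two bulk grants above change many Roles or Permissions in one pipeline, so it helps to list the affected Role/Permission pairs before committing and to keep a record afterwards. The following wrapper is an added example, not part of the product or of the original page; the function name Grant-EmdbPermissionReviewed, its parameters, and the Name property on Role- and Permission-objects are assumptions.

```powershell
# Added example: preview-then-grant wrapper around the cmdlets shown on this page.
# Assumptions: a connected PowerShell drive, and that Role- and Permission-objects
# expose a Name property (not confirmed by the page).
function Grant-EmdbPermissionReviewed {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string] $PermissionPattern,   # e.g. "Custom.Reboot" or "Custom.*"

        [string] $RolePattern = '*',   # matched against the assumed Name property

        [string] $LogPath              # optional CSV record of every grant performed
    )

    $permissions = @(Get-EmdbPermission $PermissionPattern)
    if ($permissions.Count -eq 0) {
        throw "No Permission matches '$PermissionPattern'."
    }

    # Never touch System-objects; same filter as the bulk example on this page.
    $roles = @(Get-EmdbRole |
        Where-Object { $_.IsSystem -eq $false -and $_.Name -like $RolePattern })
    if ($roles.Count -eq 0) {
        throw "No modifiable Role matches '$RolePattern'."
    }

    foreach ($role in $roles) {
        foreach ($permission in $permissions) {
            # -WhatIf lists each pair without changing anything; otherwise each pair is confirmed.
            if ($PSCmdlet.ShouldProcess($role.Name, "Grant '$($permission.Name)'")) {
                Grant-EmdbPermission -Role $role -Permission $permission
                if ($LogPath) {
                    [pscustomobject]@{
                        Time       = (Get-Date).ToString('o')
                        Role       = $role.Name
                        Permission = $permission.Name
                        GrantedBy  = [Environment]::UserName
                    } | Export-Csv -Path $LogPath -Append -NoTypeInformation
                }
            }
        }
    }
}

# Dry run: shows which Role/Permission pairs would be affected, grants nothing.
Grant-EmdbPermissionReviewed -PermissionPattern 'Custom.*' -RolePattern 'Packaging*' -WhatIf
```

Run it once with -WhatIf, review the listed pairs, then repeat without -WhatIf to apply the grants.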