Determining Role Owners

The effective permissions, as described in section Basics, in DSM 2014.1 are a triplet of a user object (or an external group object), a role and a given context. This section describes how to determine the user (or external group) and the context of a role.


Hint: The execution of these examples requires a connected PowerShell drive.

To determine the role owners and the context of the role 'Helpdesk User' we first retrieve the role object and then utilise the associations of the types 'RoleOwners' resp. 'RoleExternalGroups':

$MyRole = Get-EmdbRole "Helpdesk User"

$MyRoleOwners = $MyRole.GetAssociations("RoleOwners")

$MyRoleExternalGroups = $MyRole.GetAssociations("RoleExternalGroups")

The associations stored in the lists $MyRoleOwners resp. $MyRoleExternalGroups enable us to retrieve the wanted information:

$MyRoleOwners | Foreach-Object { $_.GetTargetObject() }

The example code returns all owners of the role 'Helpdesk User'. The same mechanism can be used for external groups:

$MyRoleExternalGroups | Foreach-Object { $_.GetTargetObject() }

To give meaning to the information the context of the permission has to be retrieved. The associations 'RoleOwners' resp. 'RoleExternalGroups'  holds this information also:

$MyRoleOwners | Foreach-Object { $_.GetGrantedObject() }

$MyRoleExternalGroups | Foreach-Object { $_.GetGrantedObject() }