Scripts/Principals/add-cohesityviewforprincipal.ps1
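function Add-CohesityViewForPrincipal {
    <#
        .SYNOPSIS
        Grant a Cohesity user or user group access to one or more views.
        .DESCRIPTION
        Add Views that the specified principal has permissions to access.
        The principal is resolved by name; its security identifier (SID) is what the request carries.

        Side effect: a principal whose 'restricted' flag is false is updated to restricted = true
        before the view list is sent. Review what that means for the principal's existing access
        before running this against a production account.

        The requested view names are checked before the principal is modified, so a mistyped
        view name does not leave the principal switched to restricted with no view added.
        .NOTES
        Published by Cohesity
        .LINK
        https://cohesity.github.io/cohesity-powershell-module/#/README
        .OUTPUTS
        A hashtable (Response = "Success", Method = "Put") when the API answers 204.
        In every other case a message string is written to the output stream.
        .EXAMPLE
        Add-CohesityViewForPrincipal -PrincipalType "GROUP" -PrincipalName user-group1 -ViewNames view1, view2
        Add views view1 and view2 to grant access to user-group1
        .EXAMPLE
        Add-CohesityViewForPrincipal -PrincipalType "USER" -PrincipalName user1 -ViewNames view1, view2
        Add views view1 and view2 to grant access to user1
        .EXAMPLE
        Get-CohesityView -ViewNames view1,view2,view3 | Add-CohesityViewForPrincipal -PrincipalType USER -PrincipalName user1
        Piped view names to grant access to user1
    #>
    [OutputType('System.Collections.Hashtable')]
    [CmdletBinding(DefaultParameterSetName = "DefaultParameters", SupportsShouldProcess = $True, ConfirmImpact = "High")]
    Param(
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [ValidateSet("USER", "GROUP")]
        # Principal type "USER" or "GROUP" to differentiate between cohesity user and group.
        [string]$PrincipalType,
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        # Principal name of "USER" or "GROUP" type.
        [string]$PrincipalName,
        [Parameter(Mandatory = $true, ParameterSetName = "DefaultParameters")]
        [Parameter(Mandatory = $false, ParameterSetName = "PipedViewObject")]
        [ValidateNotNullOrEmpty()]
        # The view names to grant access for the principal.
        [string[]]$ViewNames,
        [Parameter(Mandatory = $false, ParameterSetName = "PipedViewObject", ValueFromPipeline = $true, DontShow = $true)]
        # Piped object for view.
        [object]$PipedViews
    )

    Begin {
        # Names of the view objects received through the pipeline.
        $pipedViewNames = @()
    }

    Process {
        if ($PipedViews.Name) {
            $pipedViewNames += $PipedViews.Name
        }
    }

    End {
        if ($PSCmdlet.ShouldProcess($PrincipalName)) {
            # Validate the requested views first. Nothing on the cluster has been
            # changed yet, so a bad view name stops the call with no side effect.
            $namesFromParameter = [bool]$ViewNames
            if ($namesFromParameter) {
                $viewObjects = Get-CohesityView
                foreach ($viewName in $ViewNames) {
                    if ($viewObjects.Name -notcontains $viewName) {
                        Write-Output "View name '$viewName' not found"
                        return
                    }
                }
            }
            elseif ($pipedViewNames.Count -eq 0) {
                # -ViewNames was not given, so the names must have come through the pipeline.
                Write-Output "No views found through piped object."
                return
            }

            # Resolve the principal by exact name and make sure it is restricted.
            # NOTE(review): if the exact-name filter can match more than one account,
            # the property assignment below would not target a single principal - confirm.
            switch ($PrincipalType) {
                "USER" {
                    $userDetail = Get-CohesityUser -Names $PrincipalName | Where-Object { $_.Username -eq $PrincipalName }
                    if (-not $userDetail) {
                        Write-Output "User '$PrincipalName' not found."
                        return
                    }
                    if ($userDetail.restricted -eq $false) {
                        $userDetail.restricted = $true
                        # -Confirm:$false: the caller already confirmed through ShouldProcess.
                        Set-CohesityUser -UserObject $userDetail -Confirm:$false | Out-Null
                    }
                }
                "GROUP" {
                    $userGroupDetail = Get-CohesityUserGroup -Name $PrincipalName | Where-Object { $_.name -eq $PrincipalName }
                    if (-not $userGroupDetail) {
                        Write-Output "User group '$PrincipalName' not found."
                        return
                    }
                    if ($userGroupDetail.restricted -eq $false) {
                        $userGroupDetail.restricted = $true
                        Update-CohesityUserGroup -UserGroupObject $userGroupDetail -Confirm:$false | Out-Null
                    }
                }
            }

            # Kept after the restricted update, as in the original flow: whether this
            # lookup depends on the principal being restricted is not visible here.
            $principalDetail = Get-CohesityProtectionSourceForPrincipal -PrincipalType $PrincipalType -PrincipalName $PrincipalName
            if (-not $principalDetail.Sid) {
                Write-Output "Not found '$PrincipalName' of principal type '$PrincipalType', please use 'Get-CohesityUser' or 'Get-CohesityUserGroup' to identify the desired one."
                return
            }

            # The request carries the principal's current protection source ids and view
            # names next to the new ones. Presumably the endpoint replaces the stored lists
            # (confirm against the API reference); if so, a change made by someone else
            # between the lookup above and the PUT below would be overwritten.
            $updatedProtectionSourceObjectIds = @()
            if ($principalDetail.ProtectionSources) {
                $updatedProtectionSourceObjectIds += @($principalDetail.ProtectionSources.Id)
            }

            $existingViewNames = @()
            if ($principalDetail.Views) {
                $existingViewNames += @($principalDetail.Views.Name)
            }

            # Same ordering as before: names from -ViewNames go ahead of the existing
            # ones, piped names go after them.
            if ($namesFromParameter) {
                $updatedViewNames = @($ViewNames) + $existingViewNames
            }
            else {
                $updatedViewNames = $existingViewNames + @($pipedViewNames)
            }

            $cohesityClusterURL = '/irisservices/api/v1/public/principals/protectionSources'
            $sourcesForPrincipalObject = @{
                protectionSourceIds = $updatedProtectionSourceObjectIds
                sid                 = $principalDetail.Sid
                viewNames           = $updatedViewNames
            }
            $payload = @{
                sourcesForPrincipals = @($sourcesForPrincipalObject)
            }
            $payloadJson = $payload | ConvertTo-Json -Depth 100

            Invoke-RestApi -Method Put -Uri $cohesityClusterURL -Body $payloadJson
            if (204 -eq $Global:CohesityAPIStatus.StatusCode) {
                @{Response = "Success"; Method = "Put"; }
            }
            else {
                # At this point the principal may already have been set to restricted
                # without the view list being applied; the message is logged for follow-up.
                $errorMsg = $Global:CohesityAPIStatus.ErrorMessage + ", View permission : Failed to add"
                Write-Output $errorMsg
                CSLog -Message $errorMsg
            }
        }
    }
}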