public/Domain/Unassign-FabricDomainWorkspaceRoleAssignment.ps1
|
<#
.SYNOPSIS Bulk unUnassign roles to principals for workspaces in a Fabric domain. .DESCRIPTION The `AssignFabricDomainWorkspaceRoleAssignment` function performs bulk role assignments for principals in a specific Fabric domain. It sends a POST request to the relevant API endpoint. .PARAMETER DomainId The unique identifier of the Fabric domain where roles will be assigned. .PARAMETER DomainRole The role to assign to the principals. Must be one of the following: - `Admins` - `Contributors` .PARAMETER PrincipalIds An array of principals to assign roles to. Each principal must include: - `id`: The identifier of the principal. - `type`: The type of the principal (e.g., `User`, `Group`). .EXAMPLE AssignFabricDomainWorkspaceRoleAssignment -DomainId "12345" -DomainRole "Admins" -PrincipalIds @(@{id="user1"; type="User"}, @{id="group1"; type="Group"}) Unassign the `Admins` role to the specified principals in the domain with ID "12345". .NOTES - Requires `$FabricConfig` global configuration, including `BaseUrl` and `FabricHeaders`. - Calls `Test-TokenExpired` to ensure token validity before making the API request. Author: Tiago Balabuch #> function Unassign-FabricDomainWorkspaceRoleAssignment { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string]$DomainId, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [ValidateSet('Admins', 'Contributors')] [string]$DomainRole, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [array]$PrincipalIds # Array with 'id' and 'type' ) try { # Step 1: Validate PrincipalIds structure foreach ($principal in $PrincipalIds) { if (-not ($principal.id -and $principal.type)) { throw "Invalid principal detected: Each principal must include 'id' and 'type' properties. Found: $principal" } } # Step 2: Ensure token validity Write-Message -Message "Validating token..." -Level Debug Test-TokenExpired Write-Message -Message "Token validation completed." -Level Debug # Step 3: Construct the API URL $apiEndpointUrl = "{0}/admin/domains/{1}/roleAssignments/bulkUnassign" -f $FabricConfig.BaseUrl, $DomainId Write-Message -Message "API Endpoint: $apiEndpointUrl" -Level Debug # Step 4: Construct the request body $body = @{ type = $DomainRole principals = $PrincipalIds } $bodyJson = $body | ConvertTo-Json -Depth 2 Write-Message -Message "Request Body: $bodyJson" -Level Debug # Step 5: Make the API request $response = Invoke-RestMethod ` -Headers $FabricConfig.FabricHeaders ` -Uri $apiEndpointUrl ` -Method Post ` -Body $bodyJson ` -ContentType "application/json" ` -ErrorAction Stop ` -SkipHttpErrorCheck ` -ResponseHeadersVariable "responseHeader" ` -StatusCodeVariable "statusCode" # Step 6: Validate the response code if ($statusCode -ne 200) { Write-Message -Message "Unexpected response code: $statusCode from the API." -Level Error Write-Message -Message "Error: $($response.message)" -Level Error Write-Message "Error Code: $($response.errorCode)" -Level Error return $null } Write-Message -Message "Bulk role unassignment for domain '$DomainId' completed successfully!" -Level Info } catch { # Step 7: Handle and log errors $errorDetails = $_.Exception.Message Write-Message -Message "Failed to bulk assign roles in domain '$DomainId'. Error: $errorDetails" -Level Error } } |