Public/Set-LMRole.ps1
Function Set-LMRole { [CmdletBinding(DefaultParameterSetName = 'Default')] Param ( [Parameter(Mandatory,ParameterSetName = 'Id-Custom', ValueFromPipelineByPropertyName)] [Parameter(Mandatory,ParameterSetName = 'Id-Default', ValueFromPipelineByPropertyName)] [String]$Id, [Parameter(Mandatory,ParameterSetName = 'Name-Custom')] [Parameter(Mandatory,ParameterSetName = 'Name-Default')] [String]$Name, [Parameter(ParameterSetName = 'Id-Custom')] [Parameter(ParameterSetName = 'Id-Default')] [Parameter(ParameterSetName = 'Name-Custom')] [Parameter(ParameterSetName = 'Name-Default')] [String]$NewName, [Parameter(ParameterSetName = 'Id-Custom')] [Parameter(ParameterSetName = 'Id-Default')] [Parameter(ParameterSetName = 'Name-Custom')] [Parameter(ParameterSetName = 'Name-Default')] [String]$CustomHelpLabel, [Parameter(ParameterSetName = 'Id-Custom')] [Parameter(ParameterSetName = 'Id-Default')] [Parameter(ParameterSetName = 'Name-Custom')] [Parameter(ParameterSetName = 'Name-Default')] [String]$CustomHelpURL, [Parameter(ParameterSetName = 'Id-Custom')] [Parameter(ParameterSetName = 'Id-Default')] [Parameter(ParameterSetName = 'Name-Custom')] [Parameter(ParameterSetName = 'Name-Default')] [String]$Description, [Parameter(ParameterSetName = 'Id-Custom')] [Parameter(ParameterSetName = 'Id-Default')] [Parameter(ParameterSetName = 'Name-Custom')] [Parameter(ParameterSetName = 'Name-Default')] [Switch]$RequireEULA, [Parameter(ParameterSetName = 'Id-Custom')] [Parameter(ParameterSetName = 'Id-Default')] [Parameter(ParameterSetName = 'Name-Custom')] [Parameter(ParameterSetName = 'Name-Default')] [Switch]$TwoFARequired, [Parameter(ParameterSetName = 'Id-Custom')] [Parameter(ParameterSetName = 'Id-Default')] [Parameter(ParameterSetName = 'Name-Custom')] [Parameter(ParameterSetName = 'Name-Default')] [String]$RoleGroupId, [Parameter(ParameterSetName = 'Name-Default')] [Parameter(ParameterSetName = 'Id-Default')] [ValidateSet("view", "manage","none")] [String]$DashboardsPermission = "none", [Parameter(ParameterSetName = 'Name-Default')] [Parameter(ParameterSetName = 'Id-Default')] [ValidateSet("view", "manage","none")] [String]$ResourcePermission = "none", [Parameter(ParameterSetName = 'Name-Default')] [Parameter(ParameterSetName = 'Id-Default')] [ValidateSet("view", "manage","none")] [String]$LogsPermission = "none", [Parameter(ParameterSetName = 'Name-Default')] [Parameter(ParameterSetName = 'Id-Default')] [ValidateSet("view", "manage","none")] [String]$WebsitesPermission = "none", [Parameter(ParameterSetName = 'Name-Default')] [Parameter(ParameterSetName = 'Id-Default')] [ValidateSet("view", "manage","none")] [String]$SavedMapsPermission = "none", [Parameter(ParameterSetName = 'Name-Default')] [Parameter(ParameterSetName = 'Id-Default')] [ValidateSet("view", "manage","none")] [String]$ReportsPermission = "none", [Parameter(ParameterSetName = 'Name-Default')] [Parameter(ParameterSetName = 'Id-Default')] [ValidateSet("view", "manage","none","manage-collectors","view-collectors")] [String]$SettingsPermission = "none", [Parameter(ParameterSetName = 'Name-Default')] [Parameter(ParameterSetName = 'Id-Default')] [Switch]$CreatePrivateDashboards, [Parameter(ParameterSetName = 'Name-Default')] [Parameter(ParameterSetName = 'Id-Default')] [Switch]$AllowWidgetSharing, [Parameter(ParameterSetName = 'Name-Default')] [Parameter(ParameterSetName = 'Id-Default')] [Switch]$ConfigTabRequiresManagePermission, [Parameter(ParameterSetName = 'Name-Default')] [Parameter(ParameterSetName = 'Id-Default')] [Switch]$AllowedToViewMapsTab, [Parameter(ParameterSetName = 'Name-Default')] [Parameter(ParameterSetName = 'Id-Default')] [Switch]$AllowedToManageResourceDashboards, [Parameter(ParameterSetName = 'Name-Default')] [Parameter(ParameterSetName = 'Id-Default')] [Switch]$ViewTraces, [Parameter(ParameterSetName = 'Name-Default')] [Parameter(ParameterSetName = 'Id-Default')] [Switch]$ViewSupport, [Parameter(ParameterSetName = 'Name-Default')] [Parameter(ParameterSetName = 'Id-Default')] [Switch]$EnableRemoteSessionForResources, [Parameter(Mandatory,ParameterSetName = 'Name-Custom')] [Parameter(Mandatory,ParameterSetName = 'Id-Custom')] [PSCustomObject]$CustomPrivilegesObject ) #Check if we are logged in and have valid api creds If ($Script:LMAuth.Valid) { #Lookup Id if supplying username If ($Name) { $LookupResult = (Get-LMRole -Name $Name).Id If (Test-LookupResult -Result $LookupResult -LookupString $Name) { return } $Id = $LookupResult } #Build header and uri $ResourcePath = "/setting/roles/$Id" $Privileges = @() If(!$CustomPrivilegesObject){ If($ViewTraces){ $Privileges += [PSCustomObject]@{ objectId = "*" objectName = "*" objectType = "tracesManageTab" operation = "read" subOperation = "" } } If($EnableRemoteSessionForResources){ $Privileges += [PSCustomObject]@{ objectId = "*" objectName = "*" objectType = "remoteSession" operation = "write" subOperation = "" } } If($AllowedToViewMapsTab){ $Privileges += [PSCustomObject]@{ objectId = "*" objectName = "*" objectType = "resourceMapTab" operation = "read" subOperation = "" } } If($AllowWidgetSharing){ $Privileges += [PSCustomObject]@{ objectId = "sharingwidget" objectName = "sharingwidget" objectType = "dashboard_group" operation = "write" subOperation = "" } } If($CreatePrivateDashboards){ $Privileges += [PSCustomObject]@{ objectId = "private" objectName = "private" objectType = "dashboard_group" operation = "write" subOperation = "" } } If($ViewSupport){ $Privileges += [PSCustomObject]@{ objectId = "chat" objectName = "help" objectType = "help" operation = "write" subOperation = "" } $Privileges += [PSCustomObject]@{ objectId = "*" objectName = "help" objectType = "help" operation = "read" subOperation = "" } } If($ConfigTabRequiresManagePermission){ $Privileges += [PSCustomObject]@{ objectId = "" objectName = "configNeedDeviceManagePermission" objectType = "configNeedDeviceManagePermission" operation = "write" subOperation = "" } } If($AllowedToManageResourceDashboards){ $Privileges += [PSCustomObject]@{ objectId = "" objectName = "deviceDashboard" objectType = "deviceDashboard" operation = "write" subOperation = "" } } If($DashboardsPermission -ne "none"){ $Privileges += [PSCustomObject]@{ objectId = "*" objectName = "*" objectType = "dashboard_group" operation = If($DashboardsPermission -eq "manage"){"write"}Else{"read"} subOperation = "" } } If($ResourcePermission -ne "none"){ $Privileges += [PSCustomObject]@{ objectId = "*" objectName = "*" objectType = "host_group" operation = If($ResourcePermission -eq "manage"){"write"}Else{"read"} subOperation = "" } } If($LogsPermission -ne "none"){ $Privileges += [PSCustomObject]@{ objectId = "*" objectName = "*" objectType = "logs" operation = If($LogsPermission -eq "manage"){"write"}Else{"read"} subOperation = "" } } If($WebsitesPermission -ne "none"){ $Privileges += [PSCustomObject]@{ objectId = "*" objectName = "*" objectType = "website_group" operation = If($WebsitesPermission -eq "manage"){"write"}Else{"read"} subOperation = "" } } If($SavedMapsPermission -ne "none"){ $Privileges += [PSCustomObject]@{ objectId = "*" objectName = "*" objectType = "map" operation = If($SavedMapsPermission -eq "manage"){"write"}Else{"read"} subOperation = "" } } If($ReportsPermission -ne "none"){ $Privileges += [PSCustomObject]@{ objectId = "*" objectName = "*" objectType = "report_group" operation = If($ReportsPermission -eq "manage"){"write"}Else{"read"} subOperation = "" } } If($SettingsPermission -ne "none"){ If($SettingsPermission -ne "manage-collectors" -and $SettingsPermission -ne "view-collectors"){ $Privileges += [PSCustomObject]@{ objectId = "*" objectName = "*" objectType = "setting" operation = If($SettingsPermission -eq "manage"){"write"}Else{"read"} subOperation = "" } $Privileges += [PSCustomObject]@{ objectId = "useraccess.*" objectName = "useraccess.*" objectType = "setting" operation = If($ResourcePermission -eq "manage"){"write"}Else{"read"} subOperation = "" } } Else{ $Privileges += [PSCustomObject]@{ objectId = "collectorgroup.*" objectName = "Collectors" objectType = "setting" operation = If($SettingsPermission -eq "manage-collectors"){"write"}Else{"read"} } } } } Try { $Data = @{ customHelpLabel = $CustomHelpLabel customHelpURL = $CustomHelpURL description = $Description name = $NewName requireEULA = If($RequireEULA.IsPresent){"true"}Else{""} roleGroupId = $RoleGroupId twoFARequired = If($TwoFARequired.IsPresent){"true"}Else{""} privileges = If($CustomPrivilegesObject){$CustomPrivilegesObject}Else{$Privileges} } #Remove empty keys so we dont overwrite them @($Data.keys) | ForEach-Object { if ([string]::IsNullOrEmpty($Data[$_])) { $Data.Remove($_) } } $Data = ($Data | ConvertTo-Json) $Headers = New-LMHeader -Auth $Script:LMAuth -Method "PATCH" -ResourcePath $ResourcePath -Data $Data $Uri = "https://$($Script:LMAuth.Portal).logicmonitor.com/santaba/rest" + $ResourcePath #Issue request $Response = Invoke-RestMethod -Uri $Uri -Method "PATCH" -Headers $Headers[0] -WebSession $Headers[1] -Body $Data Return (Add-ObjectTypeInfo -InputObject $Response -TypeName "LogicMonitor.Role" ) } Catch [Exception] { $Proceed = Resolve-LMException -LMException $PSItem If (!$Proceed) { Return } } } Else { Write-Error "Please ensure you are logged in before running any commands, use Connect-LMAccount to login and try again." } } |