Functions/Security/Revoke-AccessOnCatalogItem.ps1
|
# Copyright (c) 2016 Microsoft Corporation. All Rights Reserved. # Licensed under the MIT License (MIT) function Revoke-AccessOnCatalogItem { <# .SYNOPSIS This script revokes access to catalog items from users/groups. .DESCRIPTION This script revokes all access on the specified catalog item from the specified user/group. .PARAMETER ReportServerUri (optional) Specify the Report Server URL to your SQL Server Reporting Services Instance. .PARAMETER ReportServerCredentials (optional) Specify the password to use when connecting to your SQL Server Reporting Services Instance. .PARAMETER UserOrGroupName Specify the user or group name to revoke access from. .PARAMETER ItemPath Specify the path to catalog item on the server. .EXAMPLE Revoke-AccessOnCatalogItem -UserOrGroupName 'johnd' -ItemPath '/My Folder/SalesReport' Description ----------- This command will establish a connection to the Report Server located at http://localhost/reportserver using current user's credentials and then revoke all access granted to user 'johnd' on catalog item found at '/My Folder/SalesReport'. .EXAMPLE Revoke-AccessOnCatalogItem -ReportServerUri 'http://localhost/reportserver_sql2012' -UserOrGroupName 'johnd' -ItemPath '/My Folder/SalesReport' Description ----------- This command will establish a connection to the Report Server located at http://localhost/reportserver_2012 using current user's credentials and then revoke all access granted to user 'johnd' on catalog item found at '/My Folder/SalesReport'. .EXAMPLE Revoke-AccessOnCatalogItem -ReportServerCredentials 'CaptainAwesome' -UserOrGroupName 'johnd' -ItemPath '/My Folder/SalesReport' Description ----------- This command will establish a connection to the Report Server located at http://localhost/reportserver using CaptainAwesome's credentials and then revoke all access to user 'johnd' on catalog item found at '/My Folder/SalesReport'. #> [cmdletbinding()] param ( [string] $ReportServerUri = 'http://localhost/reportserver', [System.Management.Automation.PSCredential] $ReportServerCredentials, [Parameter(Mandatory=$True)] [string] $UserOrGroupName, [Parameter(Mandatory=$True)] [string] $ItemPath ) # creating proxy $Proxy = New-RSWebServiceProxy -ReportServerUri $ReportServerUri -Credentials $ReportServerCredentials # retrieving existing policies for the current item try { Write-Verbose "Retrieving policies for $ItemPath..." $inheritsParentPolicy = $false $originalPolicies = $proxy.GetPolicies($ItemPath, [ref] $inheritsParentPolicy) Write-Verbose "Policies retrieved: $($originalPolicies.Length)!" } catch [System.Web.Services.Protocols.SoapException] { Write-Error "Error retrieving existing policies for $ItemPath! `n$($_.Exception.Message)" Exit 1 } # determining namespace of the proxy and the names of needed data types $namespace = $proxy.GetType().Namespace $policyDataType = ($namespace + '.Policy') # keeping only those policies where userOrGroupName is not explicitly mentioned $policyList = New-Object ("System.Collections.Generic.List[$policyDataType]") foreach ($originalPolicy in $originalPolicies) { if ($originalPolicy.GroupUserName.Equals($UserOrGroupName, [StringComparison]::OrdinalIgnoreCase)) { continue } $policyList.Add($originalPolicy) } # updating policies on the item try { Write-Verbose "Revoking all access from $UserOrGroupName on $ItemPath..." $proxy.SetPolicies($ItemPath, $policyList.ToArray()) Write-Information "Revoked all access from $UserOrGroupName on $ItemPath!" } catch [System.Web.Services.Protocols.SoapException] { Write-Error "Error occurred while revoking all access from $UserOrGroupName on $ItemPath! `n$($_.Exception.Message)" Exit 2 } } |