Functions/Security/Revoke-AccessToRS.ps1
|
# Copyright (c) 2016 Microsoft Corporation. All Rights Reserved. # Licensed under the MIT License (MIT) function Revoke-AccessToRs { <# .SYNOPSIS This script revokes access to SQL Server Reporting Services Instance from users/groups. .DESCRIPTION This script revokes all access on the SQL Server Reporting Services Instance located at the specified Report Server URI from the specified user/group. .PARAMETER ReportServerUri (optional) Specify the Report Server URL to your SQL Server Reporting Services Instance. .PARAMETER ReportServerCredentials (optional) Specify the password to use when connecting to your SQL Server Reporting Services Instance. .PARAMETER UserOrGroupName Specify the user or group name to revoke access from. .EXAMPLE Revoke-AccessToRs -UserOrGroupName 'johnd' Description ----------- This command will establish a connection to the Report Server located at http://localhost/reportserver using current user's credentials and then revoke all access for user 'johnd'. .EXAMPLE Revoke-AccessToRs -ReportServerUri 'http://localhost/reportserver_sql2012' -UserOrGroupName 'johnd' Description ----------- This command will establish a connection to the Report Server located at http://localhost/reportserver_2012 using current user's credentials and then revoke all access for user 'johnd'. .EXAMPLE Revoke-AccessToRs -ReportServerCredentials 'CaptainAwesome' -UserOrGroupName 'johnd' Description ----------- This command will establish a connection to the Report Server located at http://localhost/reportserver using CaptainAwesome's credentials and then revoke all access for user 'johnd'. #> [cmdletbinding()] param ( [string] $ReportServerUri = 'http://localhost/reportserver', [System.Management.Automation.PSCredential] $ReportServerCredentials, [Parameter(Mandatory=$True)] [string] $UserOrGroupName ) # creating proxy $Proxy = New-RSWebServiceProxy -ReportServerUri $ReportServerUri -Credentials $ReportServerCredentials # retrieving existing policies for the current item try { Write-Verbose "Retrieving system policies..." $originalPolicies = $proxy.GetSystemPolicies() Write-Verbose "Policies retrieved: $($originalPolicies.Length)!" } catch [System.Web.Services.Protocols.SoapException] { Write-Error "Error retrieving existing system policies! `n$($_.Exception.Message)" Exit 1 } # determining namespace of the proxy and the names of needed data types $namespace = $proxy.GetType().Namespace $policyDataType = ($namespace + '.Policy') # keeping only those policies where userOrGroupName is not explicitly mentioned $policyList = New-Object ("System.Collections.Generic.List[$policyDataType]") foreach ($originalPolicy in $originalPolicies) { if ($originalPolicy.GroupUserName.Equals($UserOrGroupName, [StringComparison]::OrdinalIgnoreCase)) { continue } $policyList.Add($originalPolicy) } # updating policies on the item try { Write-Verbose "Revoking all access from $UserOrGroupName..." $proxy.SetSystemPolicies($policyList.ToArray()) Write-Information "Revoked all access from $UserOrGroupName!" } catch [System.Web.Services.Protocols.SoapException] { Write-Error "Error occurred while revoking all access from $UserOrGroupName! `n$($_.Exception.Message)" Exit 2 } } |