Public/New-VIGlobalPermission.ps1
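function New-VIGlobalPermission {
    <#
    .SYNOPSIS
        Add a global permission for a user/group.
    .DESCRIPTION
        Creates a global permission assigning either a user or group to a specific role.
        The request is a form POST to the AuthorizationService.AddGlobalAccessControlList
        method of the server named in $Global:VIPerms.Server.
    .PARAMETER Name
        Specify the name of user or group including the domain.
        The value is XML-escaped and then percent-encoded before it is placed in the request.
    .PARAMETER IsGroup
        Specify whether the target is a group object or not.
    .PARAMETER RoleId
        Specify the identifier for the specific role to assign to the global permission.
        In vSphere, -1 is the built-in Administrator role, so the examples below grant
        full administrative rights globally.
    .PARAMETER Propagate
        Specify whether the permission should propagate to all children objects or not.
    .PARAMETER SkipCertificateCheck
        Skip certificate verification. While it is in effect the server's identity is not
        verified, so the session credentials and nonce are exposed to anyone able to
        intercept the connection. The policy is reset to default before the function returns,
        including when the request fails.
    .EXAMPLE
        New-VIGlobalPermission -Name "VSPHERE.LOCAL\joe-bloggs" -RoleId -1
    .EXAMPLE
        New-VIGlobalPermission -Name "VSPHERE.LOCAL\group-of-users" -IsGroup -RoleId -1
    .EXAMPLE
        New-VIGlobalPermission -Name "VSPHERE.LOCAL\joe-bloggs" -RoleId -1 -Propagate:$false
    #>
    param (
        [Parameter(
            Position = 0,
            Mandatory = $true
        )]
        [String] $Name,

        [Parameter(
            Position = 1,
            Mandatory = $false
        )]
        [Switch] $IsGroup,

        [Parameter(
            Position = 2,
            Mandatory = $false
        )]
        [String] $RoleId,

        [Parameter(
            Position = 3,
            Mandatory = $false
        )]
        [Switch] $Propagate = [Switch]::Present,

        [Parameter(
            Position = 4,
            Mandatory = $false
        )]
        [Switch] $SkipCertificateCheck
    )

    $ProPref = $ProgressPreference
    $LoggedIn = $false

    try {
        $ProgressPreference = "SilentlyContinue"
        if ($SkipCertificateCheck) {
            Set-CertPolicy -SkipCertificateCheck
        }
        Invoke-Login
        $LoggedIn = $true

        $Uri = ("https://$($Global:VIPerms.Server)/invsvc/mob3/?moid=authorizationService&" +
            "method=AuthorizationService.AddGlobalAccessControlList")

        $Group = if ($IsGroup) { "true" } else { "false" }
        $Prop = if ($Propagate) { "true" } else { "false" }

        # Caller-supplied values land inside an XML document that is itself a form field.
        # XML-escape first so markup characters cannot add or close elements, then
        # percent-encode with EscapeDataString (EscapeUriString leaves '&', '=' and '+'
        # untouched, which would let a value split the form field or turn '+' into a space).
        $SafeName = [Uri]::EscapeDataString([System.Security.SecurityElement]::Escape($Name))
        $SafeRoleId = [Uri]::EscapeDataString([System.Security.SecurityElement]::Escape($RoleId))

        $Body = ("vmware-session-nonce=$($Global:VIPerms.SessionNonce)&" +
            "permissions=%3Cpermissions%3E%0D%0A+++%3Cprincipal%3E%0D%0A++++++" +
            "%3Cname%3E$SafeName%3C%2Fname%3E" +
            "%0D%0A++++++%3Cgroup%3E$Group%3C%2Fgroup%3E%0D%0A+++%3C%2Fprincipal%3E%0D%0A+++" +
            "%3Croles%3E$SafeRoleId%3C%2Froles%3E%0D%0A+++" +
            "%3Cpropagate%3E$Prop%3C%2Fpropagate%3E%0D%0A%3C%2Fpermissions%3E")

        $Params = @{
            Uri        = $Uri
            WebSession = $Global:VIPerms.WebSession
            Method     = "POST"
            Body       = $Body
        }
        # NOTE(review): the response content is not inspected, so a fault reported inside
        # a successful HTTP response would go unnoticed - confirm whether that can happen.
        $null = Invoke-WebRequest @Params
    } catch {
        $Err = $_
        throw $Err
    } finally {
        # Cleanup runs on every exit path: a failed request must not leave the session
        # logged in or certificate validation switched off for later calls.
        try {
            if ($LoggedIn) {
                Invoke-Logoff
            }
        } finally {
            if ($SkipCertificateCheck) {
                Set-CertPolicy -ResetToDefault
            }
            $ProgressPreference = $ProPref
        }
    }
}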