Public/Remove-VIGlobalPermission.ps1
|
function Remove-VIGlobalPermission { <# .SYNOPSIS Delete a global permission for a specific user/group. .DESCRIPTION Delete a global permission for a specific user/group. .PARAMETER Name Specify the name of user or group including the domain. .PARAMETER IsGroup Specify whether the target is a group object or not. .PARAMETER SkipCertificateCheck Skip certificate verification. .EXAMPLE Remove-VIGlobalPermission -Name "VSPHERE.LOCAL\Administrator" .EXAMPLE Remove-VIGlobalPermission -Name "VSPHERE.LOCAL\group-of-users" -IsGroup #> param ( [Parameter( Position = 0, Mandatory = $true )] [String] $Name, [Parameter( Position = 1, Mandatory = $false )] [Switch] $IsGroup, [Parameter( Position = 2, Mandatory = $false )] [Switch] $SkipCertificateCheck ) try { $ProPref = $ProgressPreference $ProgressPreference = "SilentlyContinue" if ($SkipCertificateCheck -or $Global:VIPerms.SkipCertificateCheck) { Set-CertPolicy -SkipCertificateCheck } Invoke-Login $Uri = ("https://$($Global:VIPerms.Server)/invsvc/mob3/?moid=authorizationService&" + "method=AuthorizationService.RemoveGlobalAccess") $Group = switch ($IsGroup) { $true {"true"} $false {"false"} } $Body = ("vmware-session-nonce=$($Global:VIPerms.SessionNonce)&" + "principals=%3Cprincipals%3E%0D%0A+++%3Cname%3E$([Uri]::EscapeUriString($Name))" + "%3C%2Fname%3E%0D%0A+++%3Cgroup%3E$Group%3C%2Fgroup%3E%0D%0A%3C%2Fprincipals%3E") $Params = @{ Uri = $Uri WebSession = $Global:VIPerms.WebSession Method = "POST" Body = $Body } $Res = Invoke-WebRequest @Params Invoke-Logoff if ($SkipCertificateCheck -or $Global:VIPerms.SkipCertificateCheck) { Set-CertPolicy -ResetToDefault } $ProgressPreference = $ProPref } catch { $Err = $_ throw $Err } } |