diff --git a/docs/commands/folder-permissions/New-TssFolderPermission.md b/docs/commands/folder-permissions/New-TssFolderPermission.md index 01ccd82d..35e38dc2 100644 --- a/docs/commands/folder-permissions/New-TssFolderPermission.md +++ b/docs/commands/folder-permissions/New-TssFolderPermission.md @@ -6,12 +6,13 @@ Create a new folder permission ## SYNTAX ``` -New-TssFolderPermission [-TssSession] -FolderId [-GroupId ] [-UserId ] - -FolderAccessRoleName -SecretAccessRoleName [-WhatIf] [-Confirm] [] +New-TssFolderPermission [-TssSession] -FolderId [-GroupId ] [-UserId ] + -FolderAccessRoleName -SecretAccessRoleName [-Force] [-WhatIf] [-Confirm] + [] ``` ## DESCRIPTION -Create a new folder permission +Create a new folder permission, use -Force to break inheritance ## EXAMPLES @@ -23,6 +24,14 @@ New-TssFolderPermission -TssSession $session -FolderId 5 -UserId 21 -FolderAcces Creates a folder permission on Folder ID 5 for User ID 21 granting View on the Folder-level and List on the Secrets in the folder +### EXAMPLE 2 +``` +$session = New-TssSession -SecretServer https://alpha -Credential $ssCred +New-TssFolderPermission -TssSession $session -FolderId 46 -GroupId 12 -FolderAccessRoleName Owner -SecretAccessRoleName Owner -Force +``` + +Creates a folder permission on Folder ID 46 for Group ID 21, giving Owner for Folder and Secrets, breaking InheritPermissions if enabled + ## PARAMETERS ### -TssSession @@ -44,13 +53,13 @@ Accept wildcard characters: False Folder ID ```yaml -Type: Int32 +Type: Int32[] Parameter Sets: (All) Aliases: Required: True Position: Named -Default value: 0 +Default value: None Accept pipeline input: True (ByValue) Accept wildcard characters: False ``` @@ -86,7 +95,7 @@ Accept wildcard characters: False ``` ### -FolderAccessRoleName -Folder Access Role Name +Folder Access Role Name (View, Edit, Add Secret, Owner) ```yaml Type: String 
@@ -101,7 +110,7 @@ Accept wildcard characters: False ``` ### -SecretAccessRoleName -Secret Access Role Name +Secret Access Role Name (View, Edit, List, Owner, None) ```yaml Type: String @@ -115,6 +124,21 @@ Accept pipeline input: True (ByValue) Accept wildcard characters: False ``` +### -Force +If provided will break inheritance on the folder and add the permission + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -WhatIf Shows what would happen if the cmdlet runs. The cmdlet is not run. diff --git a/docs/commands/folders/Add-TssFolderPermission.md b/docs/commands/folders/Add-TssFolderPermission.md new file mode 100644 index 00000000..a772f312 --- /dev/null +++ b/docs/commands/folders/Add-TssFolderPermission.md 
@@ -0,0 +1,176 @@ +# Add-TssFolderPermission + +## SYNOPSIS +Add a User or Group permission to a Folder + +## SYNTAX + +### user +``` +Add-TssFolderPermission [-TssSession] -FolderId -Username -FolderRole + -SecretRole [-Force] [] +``` + +### group +``` +Add-TssFolderPermission [-TssSession] -FolderId -Group -FolderRole + -SecretRole [-Force] [] +``` + +## DESCRIPTION +Add a User or Group permission to a Folder. +Use -Force to break inheritance. + +## EXAMPLES + +### EXAMPLE 1 +``` +session = New-TssSession -SecretServer https://alpha -Credential $ssCred +Add-TssFolderPermission -TssSession $session -Id 65 -Type User -Name bob -FolderRole Owner -SecretRole Edit +``` + +Add bob to Folder 65 granting Folder role of owner and Secret role of Edit + +### EXAMPLE 2 +``` +$session = New-TssSession -SecretServer https://alpha -Credential $ssCred +$folders = Search-TssFolder -TssSession $session | Where-Object -not InheritPermission +$folders | Add-TssFolderPermission -TssSession $session -Username chance.wayne -FolderRole View -SecretRole List +``` + +Add "chance.wayne" to all Folders that do not have Inherit Permissions enabled. 
+Granting Folder role of View and Secret Role of List + +### EXAMPLE 3 +``` +$session = New-TssSession -SecretServer https://alpha -Credential $ssCred +$folders = Search-TssFolder -TssSession $session -SearchText 'App' +$folders | Add-TssFolderPermission -TssSession $session -Username chad -FolderRole Owner -SecretRole Owner -Force +``` + +Add "chad" as owner for Folder and Secret on Folders that have "App" in their name, will also break inheritance if enabled on any of the Folders + +## PARAMETERS + +### -TssSession +TssSession object created by New-TssSession for auth + +```yaml +Type: TssSession +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -FolderId +Folder ID + +```yaml +Type: Int32[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Username +Name of user to add + +```yaml +Type: String +Parameter Sets: user +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Group +Name of group to add + +```yaml +Type: String +Parameter Sets: group +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -FolderRole +Folder Access Role (View, Edit, Add Secret, Owner) + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SecretRole +Secret Access Role (View, Edit, List, Owner, None) + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +If provided will break inheritance 
on the folder and add the permission + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +### TssFolderPermission +## NOTES +Requires TssSession object returned by New-TssSession + +## RELATED LINKS + +[https://thycotic-ps.github.io/thycotic.secretserver/commands/folders/Add-TssFolderPermission](https://thycotic-ps.github.io/thycotic.secretserver/commands/folders/Add-TssFolderPermission) + +[https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/folders/Add-FolderPermission.ps1](https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/folders/Add-FolderPermission.ps1) + diff --git a/docs/commands/secret-permissions/New-TssSecretPermission.md b/docs/commands/secret-permissions/New-TssSecretPermission.md index be769245..c7037c8f 100644 --- a/docs/commands/secret-permissions/New-TssSecretPermission.md +++ b/docs/commands/secret-permissions/New-TssSecretPermission.md 
@@ -6,22 +6,32 @@ Create a new Secret Permission ## SYNTAX ``` -New-TssSecretPermission [-TssSession] -SecretId -AccessRole [-GroupId ] - [-UserId ] [-WhatIf] [-Confirm] [] +New-TssSecretPermission [-TssSession] -SecretId -AccessRole + [-DomainName ] [-GroupName ] [-Username ] [-Force] [-WhatIf] [-Confirm] + [] ``` ## DESCRIPTION -Create a new Secret Permission +Create a new Secret Permission, use -Force to break inheritance ## EXAMPLES ### EXAMPLE 1 ``` $session = New-TssSession -SecretServer https://alpha -Credential $ssCred -New-TssSecretPermission -TssSession $session -SecretId 76 -AccessRole View -UserId 98 +New-TssSecretPermission -TssSession $session -SecretId 76 -AccessRole View -Username bob.martin ``` -Adding permission for User ID 98 to Secret 76, granting View rights to the Secret. +Adding user "bob.martin" to Secret 76, granting View rights to the Secret. + +### EXAMPLE 2 +``` +$session = New-TssSession -SecretServer https://alpha -Credential $ssCred +$secrets = Search-TssSecret -TssSession $session -SearchText 'Azure' +New-TssSecretPermission -TssSession $session -SecretId $secrets.Id -AccessRole View -DomainName corp -GroupName 'IT Support' -Force +``` + +Adding permission to all Secrets that have "Azure" in their name to the group "corp\IT Support" with View rights, breaking inheritance if enabled. ## PARAMETERS @@ -44,7 +54,7 @@ Accept wildcard characters: False Secret Id ```yaml -Type: String +Type: Int32[] Parameter Sets: (All) Aliases: 
@@ -70,36 +80,66 @@ Accept pipeline input: True (ByValue) Accept wildcard characters: False ``` -### -GroupId -Group ID +### -DomainName +Domain Name (the friendly name), if user or group is an Directory Service domain + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GroupName +Group Name ```yaml -Type: Int32 +Type: String Parameter Sets: (All) Aliases: Required: False Position: Named -Default value: 0 +Default value: None Accept pipeline input: True (ByValue) Accept wildcard characters: False ``` -### -UserId -User ID +### -Username +Username ```yaml -Type: Int32 +Type: String Parameter Sets: (All) Aliases: Required: False Position: Named -Default value: 0 +Default value: None Accept pipeline input: True (ByValue) Accept wildcard characters: False ``` +### -Force +If provided will break inheritance on the secret and add the permission + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -WhatIf Shows what would happen if the cmdlet runs. The cmdlet is not run. diff --git a/docs/commands/secrets/Add-TssSecretPermission.md b/docs/commands/secrets/Add-TssSecretPermission.md new file mode 100644 index 00000000..d9f183b5 --- /dev/null +++ b/docs/commands/secrets/Add-TssSecretPermission.md 
@@ -0,0 +1,169 @@ +# Add-TssSecretPermission + +## SYNOPSIS +Add a User or Group permission to a Secret + +## SYNTAX + +``` +Add-TssSecretPermission [-TssSession] -SecretId -AccessRole + [-DomainName ] [-GroupName ] [-Username ] [-Force] [] +``` + +## DESCRIPTION +Add a User or Group permission to a Secret. +Use -Force to break inheritance. + +## EXAMPLES + +### EXAMPLE 1 +``` +session = New-TssSession -SecretServer https://alpha -Credential $ssCred +Add-TssSecretPermission -TssSession $session -Id 65 -Type User -Name bob -AccessRole Owner +``` + +Add bob to Secret 65 granting Secret role of owner + +### EXAMPLE 2 +``` +$session = New-TssSession -SecretServer https://alpha -Credential $ssCred +$secrets = Search-TssSecret -TssSession $session | Where-Object -not InheritPermission +$secrets | Add-TssSecretPermission -TssSession $session -Username chance.wayne -AccessRole View +``` + +Add "chance.wayne" to all Secrets that do not have Inherit Permissions enabled. +Granting Secret role of View + +### EXAMPLE 3 +``` +$session = New-TssSession -SecretServer https://alpha -Credential $ssCred +$Secrets = Search-TssSecret -TssSession $session -SearchText 'App' +$Secrets | Add-TssSecretPermission -TssSession $session -Username chad -AccessRole Owner -Force +``` + +Add "chad" as owner for Secrets that have "App" in their name, will also break inheritance if enabled on any of the Secrets + +## PARAMETERS + +### -TssSession +TssSession object created by New-TssSession for auth + +```yaml +Type: TssSession +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -SecretId +Secret Id + +```yaml +Type: Int32[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -AccessRole +Secret Access Role Name + +```yaml +Type: String +Parameter Sets: (All) 
+Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -DomainName +Domain Name (the friendly name), if user or group is an Directory Service domain + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -GroupName +Group Name + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Username +Username + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Force +If provided will break inheritance on the secret and add the permission + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 
+ +## INPUTS + +## OUTPUTS + +### TssSecretPermission +## NOTES +Requires TssSession object returned by New-TssSession + +## RELATED LINKS + +[https://thycotic-ps.github.io/thycotic.secretserver/commands/Secrets/Add-TssSecretPermission](https://thycotic-ps.github.io/thycotic.secretserver/commands/Secrets/Add-TssSecretPermission) + +[https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/Secrets/Add-SecretPermission.ps1](https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/Secrets/Add-SecretPermission.ps1) +
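Review bot: In docs/commands/folder-permissions/New-TssFolderPermission.md, EXAMPLE 2, the command passes `-GroupId 12` but the description under it says "Group ID 21". One of the two is wrong; make the text read "Group ID 12" (or change the command) so that a reader copying the example grants Owner to the group the description names.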
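Review bot: In New-TssFolderPermission.md, the new `-Force` section says only "If provided will break inheritance on the folder and add the permission", which omits what an administrator needs to know before running it: whether the permissions the folder was inheriting are kept as explicit entries or dropped once inheritance is broken, and what the cmdlet does when inheritance is enabled and `-Force` is not supplied. Please document both cases. Since the SYNTAX for this cmdlet lists `[-WhatIf] [-Confirm]`, it would also help to state whether `-WhatIf` covers the inheritance break as well as the permission add.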
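Review bot: In docs/commands/folders/Add-TssFolderPermission.md, EXAMPLE 1 does not match the SYNTAX block above it: it calls `-Id 65 -Type User -Name bob`, while the documented parameters are `-FolderId`, `-Username` and `-Group`, and its first line assigns to `session` without the `$`. Suggest `$session = New-TssSession ...` followed by `Add-TssFolderPermission -TssSession $session -FolderId 65 -Username bob -FolderRole Owner -SecretRole Edit`. Separately, the SYNTAX here has `[-Force]` but no `[-WhatIf] [-Confirm]`, unlike New-TssFolderPermission in the same patch, and EXAMPLE 3 pipes a name search into it with `-Force`; a preview switch is worth adding, or its absence explaining. The source link under RELATED LINKS ends in `Add-FolderPermission.ps1`; please check that against the actual file name.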
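Review bot: In docs/commands/secret-permissions/New-TssSecretPermission.md, the SYNTAX change removes `[-GroupId]` and `[-UserId]` in favour of `-DomainName`, `-GroupName` and `-Username`, but the DESCRIPTION mentions only `-Force`. A script written against the old EXAMPLE 1 (`-UserId 98`) will no longer bind; please call out the breaking change in the description or NOTES, or keep the ID parameters alongside the name parameters.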
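Review bot: In New-TssSecretPermission.md, the new `-GroupName` and `-Username` sections are both `Required: False` under `Parameter Sets: (All)`, so the documentation permits a call with neither or with both and says nothing about what happens in either case. Add-TssFolderPermission in this patch separates the two with `user` and `group` parameter sets; suggest doing the same here, or stating the rule in the parameter text. Also, "an Directory Service domain" in the `-DomainName` section should read "a Directory Service domain".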
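Review bot: In docs/commands/secrets/Add-TssSecretPermission.md, EXAMPLE 1 uses `-Id 65 -Type User -Name bob`, none of which appear in the SYNTAX block (`-SecretId`, `-Username`, `-GroupName`), and its first line is missing the `$` on `session`. Suggest `Add-TssSecretPermission -TssSession $session -SecretId 65 -Username bob -AccessRole Owner`. EXAMPLES 2 and 3 pipe Search-TssSecret output into the cmdlet, yet `-SecretId` is documented as `Int32[]` with `Accept pipeline input: True (ByValue)`, and `-AccessRole`, `-GroupName` and `-Username` are marked ByValue as well; please confirm the piped objects bind to `-SecretId` as intended (Add-TssFolderPermission documents `-FolderId` as ByPropertyName). The RELATED LINKS use `commands/Secrets/` and `functions/Secrets/Add-SecretPermission.ps1`, while this file lives under `docs/commands/secrets/`; check the case and the file name.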