icinga-powershell-framework/lib/core/icingaagent/setters/Set-IcingaAcl.psm1

function Set-IcingaAcl()
{
    param(
        [string]$Directory,
        [string]$IcingaUser = (Get-IcingaServiceUser),
        [switch]$Remove     = $FALSE
    );

    if (-Not (Test-Path $Directory)) {
        Write-IcingaConsoleWarning 'Unable to set ACL for directory "{0}". Directory does not exist' -Objects $Directory;
        return;
    }

    $DirectoryAcl        = (Get-Item -Path $Directory).GetAccessControl('Access');
    $DirectoryAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $IcingaUser,
        'Modify',
        'ContainerInherit,ObjectInherit',
        'None',
        'Allow'
    );

    if ($Remove -eq $FALSE) {
        $DirectoryAcl.SetAccessRule($DirectoryAccessRule);
    } else {
        foreach ($entry in $DirectoryAcl.Access) {
            if (([string]($entry.IdentityReference)).ToLower() -like [string]::Format('*\{0}', $IcingaUser.ToLower())) {
                $DirectoryAcl.RemoveAccessRuleSpecific($entry);
            }
        }
    }

    Set-Acl -Path $Directory -AclObject $DirectoryAcl;

    if ($Remove -eq $FALSE) {
        Test-IcingaAcl -Directory $Directory -WriteOutput | Out-Null;
    }
}