upstream/icinga-powershell-framework
1
0
Fork 0
mirror of https://github.com/Icinga/icinga-powershell-framework.git synced 2025-12-21 15:19:58 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
icinga-powershell-framework/lib/wmi/New-IcingaWmiPermissionMask.psm1
Lord Hepipud f9f095e16b Adds support to add/remove/test Wmi permissions 
You can now use 'Add-IcingaWmiPermissions' to add permissions for a
specific user and namespace and remove them with
'Remove-IcingaWmiPermissions'
2020-11-18 14:48:31 +01:00

54 lines
2 KiB
PowerShell
Raw Blame History

<#
.SYNOPSIS
Generates a permission mask based on the set and provided flags which are used
for adding/testing Wmi permissions
.DESCRIPTION
Generates a permission mask based on the set and provided flags which are used
for adding/testing Wmi permissions
.PARAMETER Enable
Enables the account and grants the user read permissions. This is a default access right for all users and corresponds to the Enable Account permission on the Security tab of the WMI Control. For more information, see Setting Namespace Security with the WMI Control.
.PARAMETER RemoteAccess
Allows a user account to remotely perform any operations allowed by the permissions described above. Only members of the Administrators group have this right. WBEM_REMOTE_ACCESS corresponds to the Remote Enable permission on the Security tab of the WMI Control.
.PARAMETER Flags
Allows to specify additional flags for permssion granting: PartialWrite, Subscribe, ProviderWrite,ReadSecurity, WriteSecurity, Publish, MethodExecute, FullWrite
.INPUTS
System.String
.OUTPUTS
System.Int
#>
function New-IcingaWmiPermissionMask()
{
param (
[switch]$Enable,
[switch]$RemoteAccess,
[array]$Flags
);
[int]$PermissionMask = 0;
if ($Enable) {
$PermissionMask += $IcingaWBEM.SecurityFlags.WBEM_Enable;
}
if ($RemoteAccess) {
$PermissionMask += $IcingaWBEM.SecurityFlags.WBEM_Remote_Access;
}
foreach ($flag in $Flags) {
if ($flag -like 'Enable' -And $Enable) {
continue;
}
if ($flag -like 'RemoteAccess' -And $RemoteAccess) {
continue;
}
if ($IcingaWBEM.SecurityNames.ContainsKey($flag) -eq $FALSE) {
Write-IcingaConsoleError 'Invalid Security flag "{0}" . Supported flags: {1}' -Objects $flag, $IcingaWBEM.SecurityNames.Keys;
return $FALSE;
}
$PermissionMask += $IcingaWBEM.SecurityFlags[$IcingaWBEM.SecurityNames[$flag]];
}
return $PermissionMask;
}
Reference in a new issue View git blame Copy permalink