From c3248a14e9f8b7f6dd0529c276a409aa13c18498 Mon Sep 17 00:00:00 2001 From: Greg Brownstein Date: Fri, 5 May 2023 22:21:25 +0000 Subject: [PATCH] Update manifest and docs to 5.5.0 --- CHANGELOG.md | 12 + VenafiPS/VenafiPS.psd1 | 4 +- docs/changelog.md | 12 + docs/functions/Export-VenafiCertificate.md | 114 ++++++--- docs/functions/Get-TppAttribute.md | 42 +++- docs/functions/New-TppToken.md | 4 +- docs/functions/New-VenafiSession.md | 4 +- docs/functions/Set-TppAttribute.md | 27 +- docs/functions/Set-TppPermission.md | 276 +++++++++++++++++++-- 9 files changed, 423 insertions(+), 72 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c8b785f0..152e3db7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +## 5.5.0 +- Add `Set-TppAttribute -NoOverwrite` to allow additions to an attribute list. [#189](https://github.com/Venafi/VenafiPS/issues/189) +- Add `Get-TppAttribute -NoLookup` for the remote cases where a built-in attribute and custom field have the same name. The default will be to look for a custom field. Use `-NoLookup` to override. [#192](https://github.com/Venafi/VenafiPS/issues/192) +- Add ability to export the chain on VaaS with `Export-VenafiCertificate` +- Add ability to export a certificate to a file on VaaS with `Export-VenafiCertificate` +- Fix certain characters in friendly name causing `Test-TppIdentityFormat` to fail, [#205](https://github.com/Venafi/VenafiPS/issues/205) +- Add ability to set specific permission with `Set-TppPermission` and not just an entire permissions object, [#197](https://github.com/Venafi/VenafiPS/issues/197) +- Enhance pipeline support for `Set-TppPermission` +- Fix failure removing a custom field value with `Set-TppAttribute`, [#199](https://github.com/Venafi/VenafiPS/issues/199) +- Fix `ConvertTo-TppFullPath` appending '\ved\policy' incorrectly on non-Windows environments + ## 5.4.1 - Add support for JWT token authentication in `New-VenafiSession` and `New-TppToken` @@ -516,5 +527,6 @@ + 
diff --git a/VenafiPS/VenafiPS.psd1 b/VenafiPS/VenafiPS.psd1 index 035f51e9..7cee4afa 100644 --- a/VenafiPS/VenafiPS.psd1 +++ b/VenafiPS/VenafiPS.psd1 @@ -3,7 +3,7 @@ # # Generated by: Venafi # -# Generated on: 03/09/2023 +# Generated on: 05/05/2023 # @{ @@ -12,7 +12,7 @@ RootModule = 'VenafiPS.psm1' # Version number of this module. -ModuleVersion = '5.5' +ModuleVersion = '5.5.0' # Supported PSEditions # CompatiblePSEditions = @() diff --git a/docs/changelog.md b/docs/changelog.md index 29d24be6..c688682e 100644 --- a/docs/changelog.md +++ b/docs/changelog.md @@ -1,3 +1,14 @@ +## 5.5.0 +- Add `Set-TppAttribute -NoOverwrite` to allow additions to an attribute list. [#189](https://github.com/Venafi/VenafiPS/issues/189) +- Add `Get-TppAttribute -NoLookup` for the remote cases where a built-in attribute and custom field have the same name. The default will be to look for a custom field. Use `-NoLookup` to override. [#192](https://github.com/Venafi/VenafiPS/issues/192) +- Add ability to export the chain on VaaS with `Export-VenafiCertificate` +- Add ability to export a certificate to a file on VaaS with `Export-VenafiCertificate` +- Fix certain characters in friendly name causing `Test-TppIdentityFormat` to fail, [#205](https://github.com/Venafi/VenafiPS/issues/205) +- Add ability to set specific permission with `Set-TppPermission` and not just an entire permissions object, [#197](https://github.com/Venafi/VenafiPS/issues/197) +- Enhance pipeline support for `Set-TppPermission` +- Fix failure removing a custom field value with `Set-TppAttribute`, [#199](https://github.com/Venafi/VenafiPS/issues/199) +- Fix `ConvertTo-TppFullPath` appending '\ved\policy' incorrectly on non-Windows environments + ## 5.4.1 - Add support for JWT token authentication in `New-VenafiSession` and `New-TppToken` @@ -516,5 +527,6 @@ + diff --git a/docs/functions/Export-VenafiCertificate.md b/docs/functions/Export-VenafiCertificate.md index 91e1d2a0..8994dc40 100644 
--- a/docs/functions/Export-VenafiCertificate.md +++ b/docs/functions/Export-VenafiCertificate.md @@ -5,17 +5,16 @@ Get certificate data ## SYNTAX -### All (Default) +### VaasChain ``` -Export-VenafiCertificate -CertificateId -Format [-VenafiSession ] - [] +Export-VenafiCertificate -CertificateId -VaasFormat [-OutPath ] [-IncludeChain] + [-RootFirst] [-VenafiSession ] [] ``` -### Tpp +### Vaas ``` -Export-VenafiCertificate -CertificateId -Format [-OutPath ] [-IncludeChain] - [-FriendlyName ] [-IncludePrivateKey] [-PrivateKeyPassword ] [-VenafiSession ] - [] +Export-VenafiCertificate -CertificateId -VaasFormat [-OutPath ] + [-VenafiSession ] [] ``` ### TppJks @@ -25,6 +24,12 @@ Export-VenafiCertificate -CertificateId [-IncludeChain] -FriendlyName < [] ``` +### Tpp +``` +Export-VenafiCertificate -CertificateId -TppFormat [-OutPath ] [-IncludeChain] + [-FriendlyName ] [-PrivateKeyPassword ] [-VenafiSession ] [] +``` + ## DESCRIPTION Get certificate data from either Venafi as a Service or TPP. 
@@ -32,32 +37,38 @@ Get certificate data from either Venafi as a Service or TPP. ### EXAMPLE 1 ``` -$certId | Export-VenafiCertificate -Format PEM +$certId | Export-VenafiCertificate -VaasFormat PEM Get certificate data from Venafi as a Service ``` ### EXAMPLE 2 ``` -$cert | Export-VenafiCertificate -Format 'PKCS #7' -OutPath 'c:\temp' -Get certificate data and save to a file, TPP +$cert | Export-VenafiCertificate -TppFormat 'PKCS #7' -OutPath 'c:\temp' +Get certificate data and save to a file ``` ### EXAMPLE 3 ``` -$cert | Export-VenafiCertificate -Format 'PKCS #7' -IncludeChain +$cert | Export-VenafiCertificate -TppFormat 'PKCS #7' -IncludeChain Get one or more certificates with the certificate chain included, TPP ``` ### EXAMPLE 4 ``` -$cert | Export-VenafiCertificate -Format 'PKCS #12' -PrivateKeyPassword $cred.password -Get one or more certificates with private key included, TPP +$cert | Export-VenafiCertificate -VaasFormat PEM -IncludeChain -RootFirst +Get one or more certificates with the certificate chain included and the root first in the chain, VaaS ``` ### EXAMPLE 5 ``` +$cert | Export-VenafiCertificate -TppFormat 'PKCS #12' -PrivateKeyPassword $cred.password +Get one or more certificates with private key included, TPP +``` + +### EXAMPLE 6 +``` $cert | Export-VenafiCertificate -FriendlyName 'MyFriendlyName' -KeystorePassword $cred.password -Get certificates in JKS format, TPP +Get certificates in JKS format, TPP. -TppFormat not needed since we know its JKS via -KeystorePassword. ``` ## PARAMETERS 
@@ -79,14 +90,27 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` -### -Format -Certificate format. -For Venafi as a Service, you can provide either PEM, DER, or JKS. -For TPP, you can provide Base64, Base64 (PKCS#8), DER, JKS, PKCS #7, or PKCS #12. +### -TppFormat +Certificate format, either Base64, Base64 (PKCS#8), DER, PKCS #7, or PKCS #12. + +```yaml +Type: String +Parameter Sets: Tpp +Aliases: Format + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -VaasFormat +Certificate format, either DER or PEM ```yaml Type: String -Parameter Sets: All, Tpp +Parameter Sets: VaasChain, Vaas Aliases: Required: True @@ -98,12 +122,11 @@ Accept wildcard characters: False ### -OutPath Folder path to save the certificate to. -The name of the file will be determined automatically. -TPP Only...for now. +The name of the file will be determined automatically. ```yaml Type: String -Parameter Sets: Tpp +Parameter Sets: VaasChain, Vaas, Tpp Aliases: Required: False @@ -115,12 +138,23 @@ Accept wildcard characters: False ### -IncludeChain Include the certificate chain with the exported certificate. -Not supported with DER format. -TPP Only. +Not supported with DER format. + +```yaml +Type: SwitchParameter +Parameter Sets: VaasChain +Aliases: + +Required: True +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` ```yaml Type: SwitchParameter -Parameter Sets: Tpp, TppJks +Parameter Sets: TppJks, Tpp Aliases: Required: False 
@@ -130,24 +164,27 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -FriendlyName -Label or alias to use. -Permitted with Base64 and PKCS #12 formats. -Required when Format is JKS. -TPP Only. +### -RootFirst +Use with -IncludeChain for VaaS to return the root first instead of the end entity first ```yaml -Type: String -Parameter Sets: Tpp +Type: SwitchParameter +Parameter Sets: VaasChain Aliases: Required: False Position: Named -Default value: None +Default value: False Accept pipeline input: False Accept wildcard characters: False ``` +### -FriendlyName +Label or alias to use. +Permitted with Base64 and PKCS #12 formats. +Required when exporting JKS. +TPP Only. + ```yaml Type: String Parameter Sets: TppJks @@ -160,19 +197,14 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -IncludePrivateKey -DEPRECATED. -Provide a value for -PrivateKeyPassword. -TPP only. - ```yaml -Type: SwitchParameter +Type: String Parameter Sets: Tpp Aliases: Required: False Position: Named -Default value: False +Default value: None Accept pipeline input: False Accept wildcard characters: False ``` @@ -191,7 +223,7 @@ You must adhere to the following rules: ```yaml Type: SecureString -Parameter Sets: Tpp, TppJks +Parameter Sets: TppJks, Tpp Aliases: SecurePassword Required: False diff --git a/docs/functions/Get-TppAttribute.md b/docs/functions/Get-TppAttribute.md index 22640df8..d93d8fdd 100644 --- a/docs/functions/Get-TppAttribute.md +++ b/docs/functions/Get-TppAttribute.md @@ -7,13 +7,14 @@ Get object attributes as well as policy attributes ### Attribute (Default) ``` -Get-TppAttribute -Path -Attribute [-Class ] [-VenafiSession ] +Get-TppAttribute -Path -Attribute [-Class ] [-NoLookup] [-VenafiSession ] [] ``` ### All ``` -Get-TppAttribute -Path [-Class ] [-All] [-VenafiSession ] [] +Get-TppAttribute -Path [-Class ] [-All] [-NoLookup] [-VenafiSession ] + [] ``` ## DESCRIPTION 
@@ -76,6 +77,20 @@ You can specify either the guid or custom field label name. ### EXAMPLE 4 ``` +Get-TppAttribute -Path '\VED\Policy\mydevice\myapp' -Attribute 'Certificate' -NoLookup +``` + +Name : myapp +Path : \VED\Policy\mydevice\myapp +TypeName : Adaptable App +Guid : b7a7221b-e038-41d9-9d49-d7f45c1ca128 +Attribute : {@{Name=Certificate; PolicyPath=; Value=\VED\Policy\mycert; Locked=False; Overridden=False}} +Certificate : \VED\Policy\mycert + +Retrieve an attribute value without custom value lookup + +### EXAMPLE 5 +``` Get-TppAttribute -Path '\VED\Policy\certificates\test.gdb.com' -All ``` @@ -97,7 +112,7 @@ Driver Name : appx509certificate Retrieve all attributes applicable to this object -### EXAMPLE 5 +### EXAMPLE 6 ``` Get-TppAttribute -Path 'Certificates' -Class 'X509 Certificate' -Attribute 'State' ``` @@ -113,7 +128,7 @@ State : UT Retrieve a policy attribute value for the specified policy folder and class. \ved\policy will be prepended to the path. -### EXAMPLE 6 +### EXAMPLE 7 ``` Get-TppAttribute -Path '\VED\Policy\certificates' -Class 'X509 Certificate' -All ``` @@ -205,6 +220,25 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -NoLookup +Default functionality is to perform lookup of attributes names to see if they are custom fields or not. +If they are, pass along the guid instead of name required by the api for custom fields. +To override this behavior and use the attribute name as is, add -NoLookup. +Useful if on the off chance you have a custom field with the same name as a built-in attribute. +Can also be used with -All and the output will contain guids instead of looked up names. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -VenafiSession Authentication for the function. The value defaults to the script session object $VenafiSession created by New-VenafiSession. 
diff --git a/docs/functions/New-TppToken.md b/docs/functions/New-TppToken.md index 84d4b6e7..2b41e4c1 100644 --- a/docs/functions/New-TppToken.md +++ b/docs/functions/New-TppToken.md @@ -116,8 +116,10 @@ The key is the scope and the value is one or more privilege restrictions separat A privilege restriction of none or read, use a value of $null. Scopes include Agent, Certificate, Code Signing, Configuration, Restricted, Security, SSH, and statistics. See https://docs.venafi.com/Docs/current/TopNav/Content/SDK/AuthSDK/r-SDKa-OAuthScopePrivilegeMapping.php -Using a scope of {'all'='core'} will set all scopes except for admin. +Using a scope of {'all'='core'} will set all scopes except for codesignclient and admin. +Using a scope of {'all'='core-cs'} will set all scopes inclduing codesignclient except for admin. Using a scope of {'all'='admin'} will set all scopes including admin. +Using a scope of {'all'='admin-cs'} will set all scopes including admin. Usage of the 'all' scope is not suggested for production. ```yaml diff --git a/docs/functions/New-VenafiSession.md b/docs/functions/New-VenafiSession.md index a3c0a149..75409b55 100644 --- a/docs/functions/New-VenafiSession.md +++ b/docs/functions/New-VenafiSession.md 
@@ -239,8 +239,10 @@ The key is the scope and the value is one or more privilege restrictions separat Scopes include Agent, Certificate, Code Signing, Configuration, Restricted, Security, SSH, and statistics. For no privilege restriction or read access, use a value of $null. For a scope to privilege mapping, see https://docs.venafi.com/Docs/current/TopNav/Content/SDK/AuthSDK/r-SDKa-OAuthScopePrivilegeMapping.php -Using a scope of {'all'='core'} will set all scopes except for admin. +Using a scope of {'all'='core'} will set all scopes except for codesignclient and admin. +Using a scope of {'all'='core-cs'} will set all scopes inclduing codesignclient except for admin. Using a scope of {'all'='admin'} will set all scopes including admin. +Using a scope of {'all'='admin-cs'} will set all scopes including admin. Usage of the 'all' scope is not suggested for production. ```yaml diff --git a/docs/functions/Set-TppAttribute.md b/docs/functions/Set-TppAttribute.md index c2ead83c..0def7d3b 100644 --- a/docs/functions/Set-TppAttribute.md +++ b/docs/functions/Set-TppAttribute.md @@ -7,14 +7,14 @@ Sets a value on an objects attribute or policies (policy attributes) ### NotPolicy (Default) ``` -Set-TppAttribute -Path -Attribute [-BypassValidation] [-VenafiSession ] - [-WhatIf] [-Confirm] [] +Set-TppAttribute -Path -Attribute [-BypassValidation] [-NoOverwrite] + [-VenafiSession ] [-WhatIf] [-Confirm] [] ``` ### Policy ``` Set-TppAttribute -Path -Attribute -Class [-Lock] [-BypassValidation] - [-VenafiSession ] [-WhatIf] [-Confirm] [] + [-NoOverwrite] [-VenafiSession ] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION 
@@ -149,6 +149,23 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -NoOverwrite +Add to any existing value, if there is one, as opposed to overwriting. +Unlike overwriting, adding can only be a single value, not an array. +Not applicable to custom fields. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -VenafiSession Authentication for the function. The value defaults to the script session object $VenafiSession created by New-VenafiSession. @@ -219,6 +236,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable [https://docs.venafi.com/Docs/currentSDK/TopNav/Content/SDK/WebSDK/r-SDK-POST-Metadata-SetPolicy.php](https://docs.venafi.com/Docs/currentSDK/TopNav/Content/SDK/WebSDK/r-SDK-POST-Metadata-SetPolicy.php) +[https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-POST-Config-addvalue.php](https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-POST-Config-addvalue.php) + +[https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-POST-Config-addpolicyvalue.php](https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-POST-Config-addpolicyvalue.php) + [https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-POST-Config-write.php](https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-POST-Config-write.php) [https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-POST-Config-writepolicy.php](https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-POST-Config-writepolicy.php) diff --git a/docs/functions/Set-TppPermission.md b/docs/functions/Set-TppPermission.md index a04d5397..250d639b 100644 --- a/docs/functions/Set-TppPermission.md +++ b/docs/functions/Set-TppPermission.md 
@@ -1,24 +1,41 @@ # Set-TppPermission ## SYNOPSIS -Set permissions for TPP objects +Set explicit permissions for TPP objects ## SYNTAX -### ByGuid (Default) +### PermissionObjectGuid (Default) ``` -Set-TppPermission -Guid -IdentityId -Permission [-Force] +Set-TppPermission -Guid -IdentityId -Permission [-Force] [-VenafiSession ] [-WhatIf] [-Confirm] [] ``` -### ByPath +### PermissionPath ``` -Set-TppPermission -Path -IdentityId -Permission [-Force] +Set-TppPermission -Path -IdentityId [-IsAssociateAllowed] [-IsCreateAllowed] + [-IsDeleteAllowed] [-IsManagePermissionsAllowed] [-IsPolicyWriteAllowed] [-IsPrivateKeyReadAllowed] + [-IsPrivateKeyWriteAllowed] [-IsReadAllowed] [-IsRenameAllowed] [-IsRevokeAllowed] [-IsViewAllowed] + [-IsWriteAllowed] [-Force] [-VenafiSession ] [-WhatIf] [-Confirm] [] +``` + +### PermissionObjectPath +``` +Set-TppPermission -Path -IdentityId -Permission [-Force] + [-VenafiSession ] [-WhatIf] [-Confirm] [] +``` + +### PermissionGuid +``` +Set-TppPermission -Guid -IdentityId [-IsAssociateAllowed] [-IsCreateAllowed] [-IsDeleteAllowed] + [-IsManagePermissionsAllowed] [-IsPolicyWriteAllowed] [-IsPrivateKeyReadAllowed] [-IsPrivateKeyWriteAllowed] + [-IsReadAllowed] [-IsRenameAllowed] [-IsRevokeAllowed] [-IsViewAllowed] [-IsWriteAllowed] [-Force] [-VenafiSession ] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION -Adds or modifies permissions on TPP objects +Adds, modifies, or removes explicit permissions on TPP objects. +You can provide a complete permission object or modify individual permissions. ## EXAMPLES 
@@ -38,6 +55,34 @@ Permission a user/group on an object specified by path ### EXAMPLE 3 ``` +Get-TppPermission -Path '\ved\policy\my folder' -IdentityId 'AD+mydomain.com:azsxdcfvgbhnjmlk09877654321' -Explicit | Set-TppPermission -IdentityId $newId +``` + +Permission a user/group based on permissions of an existing user/group + +### EXAMPLE 4 +``` +Get-TppPermission -Path '\ved\policy\my folder' -IdentityId 'AD+mydomain.com:azsxdcfvgbhnjmlk09877654321' -Explicit | Set-TppPermission -IsWriteAllowed +``` + +Add specific permission(s) for a specific user/group associated with an object + +### EXAMPLE 5 +``` +Get-TppPermission -Path '\ved\policy\my folder' -Explicit | Set-TppPermission -IsAssociateAllowed -IsWriteAllowed +``` + +Add specific permission(s) for all existing user/group associated with an object + +### EXAMPLE 6 +``` +Get-TppPermission -Path '\ved\policy\my folder' -Explicit | Set-TppPermission -IsAssociateAllowed:$false +``` + +Remove specific permission(s) for all existing user/group associated with an object + +### EXAMPLE 7 +``` $id = Find-TppIdentity -Name 'brownstein' | Select-Object -ExpandProperty Id Find-TppObject -Path '\VED' -Recursive | Get-TppPermission -IdentityId $id | Set-TppPermission -Permission $TppPermObject -Force ``` @@ -48,18 +93,17 @@ Note the use of -Force to overwrite existing permissions. ## PARAMETERS ### -Path -Path to an object. -Can pipe output from many other functions. +Path to an object ```yaml -Type: String[] -Parameter Sets: ByPath +Type: String +Parameter Sets: PermissionPath, PermissionObjectPath Aliases: DN Required: True Position: Named Default value: None -Accept pipeline input: True (ByPropertyName) +Accept pipeline input: False Accept wildcard characters: False ``` @@ -67,8 +111,8 @@ Accept wildcard characters: False Guid representing a unique object ```yaml -Type: Guid[] -Parameter Sets: ByGuid +Type: Guid +Parameter Sets: PermissionObjectGuid, PermissionGuid Aliases: ObjectGuid Required: True 
@@ -83,7 +127,7 @@ The id that represents the user or group. You can use Find-TppIdentity or Get-TppPermission to get the id. ```yaml -Type: String[] +Type: String Parameter Sets: (All) Aliases: PrefixedUniversalId, ID 
@@ -95,23 +139,213 @@ Accept wildcard characters: False ``` ### -Permission -TppPermission object. -You can create a new object or get existing object from Get-TppPermission. +TppPermission object to set. +You can create a new object and modify it or get an existing object with Get-TppPermission. ```yaml Type: TppPermission -Parameter Sets: (All) -Aliases: +Parameter Sets: PermissionObjectGuid, PermissionObjectPath +Aliases: ExplicitPermissions Required: True Position: Named Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -IsAssociateAllowed +Associate or disassociate an Application and Device object with a certificate. +Push the certificate and private key to the Application object. +Retry the certificate installation. + +```yaml +Type: SwitchParameter +Parameter Sets: PermissionPath, PermissionGuid +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsCreateAllowed +The caller can create subordinate objects, such as Devices and Applications. +Create permission grants implicit View permission. + +```yaml +Type: SwitchParameter +Parameter Sets: PermissionPath, PermissionGuid +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsDeleteAllowed +The caller can delete objects. + +```yaml +Type: SwitchParameter +Parameter Sets: PermissionPath, PermissionGuid +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsManagePermissionsAllowed +The caller can grant other user or group Identities permission to the current object or subordinate objects. 
+ +```yaml +Type: SwitchParameter +Parameter Sets: PermissionPath, PermissionGuid +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsPolicyWriteAllowed +The caller can modify policy values on folders. +Also requires View permission. +Manage Policy permission grants implicit Read permission and Write permission. + +```yaml +Type: SwitchParameter +Parameter Sets: PermissionPath, PermissionGuid +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsPrivateKeyReadAllowed +The caller can download the private key for Policy and Certificate objects. + +```yaml +Type: SwitchParameter +Parameter Sets: PermissionPath, PermissionGuid +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsPrivateKeyWriteAllowed +The caller can upload the private key for Policy, Certificate, and Private Key Credential objects to Trust Protection Platform. + +```yaml +Type: SwitchParameter +Parameter Sets: PermissionPath, PermissionGuid +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsReadAllowed +The caller can view and read object data from the Policy tree. +However, to view subordinate objects, View permission or higher permissions is also required. + +```yaml +Type: SwitchParameter +Parameter Sets: PermissionPath, PermissionGuid +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsRenameAllowed +The caller can rename and move Policy tree objects. +Move capability also requires Rename permission to the object and Create permission to the target folder. 
+ +```yaml +Type: SwitchParameter +Parameter Sets: PermissionPath, PermissionGuid +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsRevokeAllowed +The caller can invalidate a certificate. +Also requires Write permission to the certificate. + +```yaml +Type: SwitchParameter +Parameter Sets: PermissionPath, PermissionGuid +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsViewAllowed +The caller can confirm that the object is present in the Policy tree. + +```yaml +Type: SwitchParameter +Parameter Sets: PermissionPath, PermissionGuid +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsWriteAllowed +The caller can edit object attributes. +To move objects in the tree, the caller must have Write permission to the objects and Create permission to the target folder. +Write permission grants implicit Read permission. + +```yaml +Type: SwitchParameter +Parameter Sets: PermissionPath, PermissionGuid +Aliases: + +Required: False +Position: Named +Default value: False Accept pipeline input: False Accept wildcard characters: False ``` ### -Force -Overwrite an existing permission if one exists +When setting a TppPermission object with -Permission and one already exists, use this to overwrite ```yaml Type: SwitchParameter @@ -179,7 +413,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Path, Guid, IdentityId +### Guid, IdentityId, Permission ## OUTPUTS ### None 
@@ -196,3 +430,5 @@ Confirmation impact is set to Medium, set ConfirmPreference accordingly. [https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-PUT-Permissions-object-guid-principal.php](https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-PUT-Permissions-object-guid-principal.php) +[https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-Permissions-Effective.php](https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-Permissions-Effective.php) +
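Review bot: In docs/functions/Export-VenafiCertificate.md, the split of `-Format` into `-TppFormat` and `-VaasFormat` and the removal of the `-IncludePrivateKey` section are not listed in the 5.5.0 entries of CHANGELOG.md or docs/changelog.md. Only `-TppFormat` carries `Aliases: Format`, so a VaaS call written as `-Format PEM` (the old EXAMPLE 1) now resolves to the Tpp parameter set rather than a VaaS one. Suggest a changelog line covering the rename and the removal, with a short migration note for VaaS callers. In EXAMPLE 6, "its JKS" should read "it's JKS".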
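Review bot: The `-IncludeChain` section of docs/functions/Export-VenafiCertificate.md contradicts `-VaasFormat`: the new VaasChain block marks the switch "Required: True" and the text keeps "Not supported with DER format", while `-VaasFormat` is documented as "either DER or PEM" for the VaasChain set. State that VaasChain requires PEM, or say what the function does when DER is requested together with `-IncludeChain`.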
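Review bot: The `-NoLookup` parameter help in docs/functions/Get-TppAttribute.md never says which one wins when a built-in attribute and a custom field share a name; the changelog entry does ("The default will be to look for a custom field"), and that sentence belongs in the parameter description too. Minor wording: "lookup of attributes names" should be "attribute names", and the EXAMPLE 4 caption says "custom value lookup" where the parameter text says "custom fields"; pick one term.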
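Review bot: The added scope lines in docs/functions/New-TppToken.md and docs/functions/New-VenafiSession.md give `{'all'='admin-cs'}` exactly the same description as `{'all'='admin'}` ("will set all scopes including admin"), so a reader cannot tell which value also grants codesignclient. This text is what people use to decide how broad a token will be, so state the difference explicitly for both values, and fix the typo "inclduing" in the `core-cs` line. The new `core-cs` and `admin-cs` values, and the reworded `core` description that now excludes codesignclient, are also absent from the 5.5.0 changelog entries.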
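Review bot: `-NoOverwrite` is added to both syntax blocks and to the parameter list of docs/functions/Set-TppAttribute.md, but no hunk adds an EXAMPLE for it. "Not applicable to custom fields" and "adding can only be a single value, not an array" do not say whether the function errors or silently ignores the switch in those cases. Suggest one example that appends a single value to an existing list, plus a sentence on the behaviour when a custom field or an array is supplied.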
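Review bot: In the PARAMETERS hunks of docs/functions/Set-TppPermission.md, `-Path` changes from `String[]` with "Accept pipeline input: True (ByPropertyName)" to `String` with "False", and `-Guid` and `-IdentityId` drop their array types, which reads as a regression next to the changelog line "Enhance pipeline support for `Set-TppPermission`". Callers that pass arrays or pipe objects carrying only a Path are affected, so add a changelog entry for the type changes and a sentence under INPUTS saying which properties of `Get-TppPermission` output are bound from the pipeline.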
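Review bot: The twelve `-Is*Allowed` switches added to docs/functions/Set-TppPermission.md all show "Default value: False", while EXAMPLE 6 removes a permission with `-IsAssociateAllowed:$false`, and nothing states whether an omitted switch leaves the existing permission untouched or clears it. EXAMPLE 5 and EXAMPLE 6 apply the change to every identity returned by `Get-TppPermission -Explicit`, so the omitted / `$true` / `$false` behaviour should be spelled out in DESCRIPTION. Two smaller points in the same hunk: the `-IsPolicyWriteAllowed` text calls the permission "Manage Policy", which does not match the switch name, and the new `-Force` description limits it to `-Permission` although the PermissionPath and PermissionGuid syntax blocks also list `[-Force]`.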