LightSwitch: Modifying roles, permissions and users via PowerShell

Using the built-in RBAC feature of LightSwitch is really cool and easy to use until you have to assign all of your application defined permissions to roles and users. This is usually where the Administration DesktopClient does not scale too well… But of course there is help: and it is especially easy, when you utilize PowerShell to tackle that task.
In order to automate this you just have to create a service wrapper (or Service Reference to be precise) as described already on the LightSwitch Team blog and elsewhere. But instead of using ‘ApplicationData.svc’ as the service reference you specify ‘Microsoft.LightSwitch.SecurityData.svc’ as the data source. And there you are. You now only have to compile the assembly and instantiate it like it is shown in ‘AddRolesPermissions.ps1’:

Miscellaneous Scripts

d-fens GmbH
General-Guisan-Strasse 6
CH-6300 Zug
Switzerland

# LightSwitch: Modifying roles, permissions and users via PowerShell
# https://d-fens.ch/2014/04/18/lightswitch-modifying-roles-permissions-and-users-via-powershell/
$perm = $sec.Permissions |? Id -eq 'Microsoft.LightSwitch.Security:SecurityAdministration';
$r = $sec.Roles |? Name -eq 'DefaultUser';
$rp = New-Object LsWrapper.SecurityData.RolePermission;
$sec.AddToRolePermissions($rp);
$sec.SetLink($rp, 'Role', $r);
$sec.SetLink($rp, 'Permission', $perm);
$sec.UpdateObject($rp);
$sec.SaveChanges();
<#
Copyright 2014-2015 d-fens GmbH
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
#>

# LightSwitch: Modifying roles, permissions and users via PowerShell
# https://d-fens.ch/2014/04/18/lightswitch-modifying-roles-permissions-and-users-via-powershell/
PS > Add-Type Path "C:\dfch.biz\LsWrapper.dll";
PS > $sec = New-Object LsWrapper.SecurityData.SecurityData(
'https://www.example.com/Microsoft.LightSwitch.SecurityData.svc');
PS > $sec.Credentials = [System.Net.CredentialCache]::DefaultCredentials;
PS > $sec | gm Type Properties;
Name MemberType Definition
—- ———- ———-
Permissions Property System.Data.Services.Client.DataServiceQuery[LsWrapper…
RoleAssignments Property System.Data.Services.Client.DataServiceQuery[LsWrapper…
RolePermissions Property System.Data.Services.Client.DataServiceQuery[LsWrapper…
Roles Property System.Data.Services.Client.DataServiceQuery[LsWrapper…
<#
Copyright 2014-2015 d-fens GmbH
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
#>

Miscellaneous Scripts
Copyright 2014 d-fens GmbH
This product includes software developed at
d-fens GmbH (https://d-fens.ch/)
d-fens GmbH
General-Guisan-Strasse 6
CH-6300 Zug
Switzerland

view raw
NOTICE
hosted with ❤ by GitHub

From there you take the usual approach as already described in my post about the vCAC Management Context (as they use the same underlying technology (‘Microsoft ADO.NET Data Services’).
To assign a permission to a role you would do something like in ‘file-addrolespermissions-ps1’ from the above example.

The same works for adding users to roles and so forth.

[UPDATE] For a more detailed description on what you can also do with the SecurityData.svc and its architecture you can also have a look at Matt Thalman’s article on Using the SecurityData service in LightSwitch.

Trackbacks

  1. […] introduction on how to use the LightSwitch data model from PowerShell you can have a quick look at LightSwitch: Modifying roles, permissions and users via PowerShell. In short, you just have to create an empty class library with a service reference in Visual […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: