Miscellaneous Scripts
d-fens GmbH
General-Guisan-Strasse 6
CH-6300 Zug
Switzerland
Using the built-in RBAC feature of LightSwitch is really cool and easy to use until you have to assign all of your application defined permissions to roles and users. This is usually where the Administration DesktopClient does not scale too well… But of course there is help: and it is especially easy, when you utilize PowerShell to tackle that task.
In order to automate this you just have to create a service wrapper (or Service Reference to be precise) as described already on the LightSwitch Team blog and elsewhere. But instead of using ‘ApplicationData.svc’ as the service reference you specify ‘Microsoft.LightSwitch.SecurityData.svc’ as the data source. And there you are. You now only have to compile the assembly and instantiate it like it is shown in ‘AddRolesPermissions.ps1’:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # LightSwitch: Modifying roles, permissions and users via PowerShell | |
| # https://d-fens.ch/2014/04/18/lightswitch-modifying-roles-permissions-and-users-via-powershell/ | |
| $perm = $sec.Permissions |? Id -eq 'Microsoft.LightSwitch.Security:SecurityAdministration'; | |
| $r = $sec.Roles |? Name -eq 'DefaultUser'; | |
| $rp = New-Object LsWrapper.SecurityData.RolePermission; | |
| $sec.AddToRolePermissions($rp); | |
| $sec.SetLink($rp, 'Role', $r); | |
| $sec.SetLink($rp, 'Permission', $perm); | |
| $sec.UpdateObject($rp); | |
| $sec.SaveChanges(); | |
| <# | |
| Copyright 2014-2015 d-fens GmbH | |
| Licensed under the Apache License, Version 2.0 (the "License"); | |
| you may not use this file except in compliance with the License. | |
| You may obtain a copy of the License at | |
| http://www.apache.org/licenses/LICENSE-2.0 | |
| Unless required by applicable law or agreed to in writing, software | |
| distributed under the License is distributed on an "AS IS" BASIS, | |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| See the License for the specific language governing permissions and | |
| limitations under the License. | |
| #> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # LightSwitch: Modifying roles, permissions and users via PowerShell | |
| # https://d-fens.ch/2014/04/18/lightswitch-modifying-roles-permissions-and-users-via-powershell/ | |
| PS > Add-Type –Path "C:\dfch.biz\LsWrapper.dll"; | |
| PS > $sec = New-Object LsWrapper.SecurityData.SecurityData( | |
| 'https://www.example.com/Microsoft.LightSwitch.SecurityData.svc'); | |
| PS > $sec.Credentials = [System.Net.CredentialCache]::DefaultCredentials; | |
| PS > $sec | gm –Type Properties; | |
| Name MemberType Definition | |
| —- ———- ———- | |
| Permissions Property System.Data.Services.Client.DataServiceQuery[LsWrapper… | |
| RoleAssignments Property System.Data.Services.Client.DataServiceQuery[LsWrapper… | |
| RolePermissions Property System.Data.Services.Client.DataServiceQuery[LsWrapper… | |
| Roles Property System.Data.Services.Client.DataServiceQuery[LsWrapper… | |
| <# | |
| Copyright 2014-2015 d-fens GmbH | |
| Licensed under the Apache License, Version 2.0 (the "License"); | |
| you may not use this file except in compliance with the License. | |
| You may obtain a copy of the License at | |
| http://www.apache.org/licenses/LICENSE-2.0 | |
| Unless required by applicable law or agreed to in writing, software | |
| distributed under the License is distributed on an "AS IS" BASIS, | |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| See the License for the specific language governing permissions and | |
| limitations under the License. | |
| #> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Miscellaneous Scripts | |
| Copyright 2014 d-fens GmbH | |
| This product includes software developed at | |
| d-fens GmbH (https://d-fens.ch/) | |
| d-fens GmbH | |
| General-Guisan-Strasse 6 | |
| CH-6300 Zug | |
| Switzerland |
From there you take the usual approach as already described in my post about the vCAC Management Context (as they use the same underlying technology (‘Microsoft ADO.NET Data Services’).
To assign a permission to a role you would do something like in ‘file-addrolespermissions-ps1’ from the above example.
The same works for adding users to roles and so forth.
[UPDATE] For a more detailed description on what you can also do with the SecurityData.svc and its architecture you can also have a look at Matt Thalman’s article on Using the SecurityData service in LightSwitch.
Ronald Rink
I am a senior auditor and consultant at d-fens for business processes and information systems.
d-fens GmbH 
1 Comment »