When troubleshooting and investigating Active Roles Access Template delegations, it may be useful to isolate any Access Template linkages that point to Access Templates containing a "Deny" permission.
The Active Roles Management Shell can be used to query the Active Roles configuration, filter for Access Templates which contain a "Deny" permission, and then query for the Access Template linkages to those Access Templates.
# This query is intended to be run in the PowerShell ISE on an Active Roles Administration Service host under the security context of an Active Roles Admin

# Connect to the local Active Roles Administration Service
Connect-QADService -Proxy -Service localhost

# Deny Access Templates have an ATEList reference that starts with [D;;.....
# "\u005b" is the regex escape for the literal "[" character
$templates = Get-QADObject -SearchRoot "CN=Access Templates,CN=Configuration" -Type edsAccessTemplate -IncludedProperties edsaATEList -SizeLimit 0 |
    Select-Object dn, edsaATEList |
    Where-Object { $_.edsaATEList -match "\u005bD;;" }

# Loop through all returned Access Templates and find any configured linkages
foreach ($template in $templates)
{
    Get-QARSAccessTemplateLink -AccessTemplate $template.dn
}