Permission

PowerShell Function To Add Filesystem Permissions

I recently wrote a simple function to add permissions to filesystem resources. It defaults to the Modify permission, but accepts any other basic permission, for instance Read, Write or FullControl.

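function fnAddFilesystemPermissions()
{
  param (
    [string]$sPath,
    [string]$sUserName,
    [string]$sPermission = "Modify"
  )

  # Build an Allow rule granting $sPermission to $sUserName.
  # This three-argument constructor sets no inheritance flags, so on a folder
  # the rule applies to the folder itself only.
  $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($sUserName,$sPermission,"Allow")
  $acl = Get-ACL -Path $sPath
  # SetAccessRule replaces any existing Allow rules for this account with the new rule.
  $acl.SetAccessRule($accessRule)
  $acl | Set-Acl -Path $sPath

  # Return the resulting permissions, formatted as a table for display...
  return (Get-ACL -Path $sPath).Access | Format-Table
}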

PS> fnAddFilesystemPermissions -sPath "C:\Path\To\Resource" -sUserName "User-Principal-Name" [-sPermission "FullControl"]
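The function above replaces the account's existing Allow entries and, on a folder, grants rights to the folder itself only. The variant below is an added example, not the original author's code: it merges with existing entries, lets the grant inherit to children on folders, and rejects unknown accounts or rights before touching the ACL. The name Add-FilesystemPermission and its parameter names are hypothetical.

```powershell
function Add-FilesystemPermission {
    [CmdletBinding(SupportsShouldProcess)]
    param (
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$UserName,
        # Typing the parameter as the enum rejects misspelled rights at binding time.
        [System.Security.AccessControl.FileSystemRights]$Permission = 'Modify'
    )

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Resolve the account to a SID first, so an unknown name throws here
    # instead of producing a half-applied change.
    $account = [System.Security.Principal.NTAccount]::new($UserName)
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])

    # Folders: inherit to child folders and files. Files: no inheritance flags.
    $inherit = [System.Security.AccessControl.InheritanceFlags]::None
    if ($item.PSIsContainer) {
        $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    }

    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $account, $Permission, $inherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)

    $acl = Get-Acl -LiteralPath $item.FullName
    # AddAccessRule merges with the account's existing Allow entries;
    # SetAccessRule would replace them.
    $acl.AddAccessRule($rule)

    if ($PSCmdlet.ShouldProcess($item.FullName, "Grant $Permission to $UserName")) {
        Set-Acl -LiteralPath $item.FullName -AclObject $acl
    }

    # Return rule objects (explicit and inherited) for this account only,
    # matched by SID so name formatting differences do not matter.
    (Get-Acl -LiteralPath $item.FullName).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $sid.Value }
}
```

Running it with -WhatIf shows the target path and grant without writing the ACL; the returned objects can be piped to Format-Table for display.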

MSSQL Check Effective Permissions

Check effective permissions on a securable using sys.fn_my_permissions('securable', 'class'). Class can be OBJECT, ROLE, SCHEMA, USER, etc.

EXECUTE AS LOGIN = 'DOMAIN\User'
SELECT * FROM sys.fn_my_permissions('dbo.TableName', 'Object')
REVERT

Create server or database role (QuickRef).

CREATE (SERVER) ROLE rolename
ALTER (SERVER) ROLE rolename ADD MEMBER [DOMAIN\User]

Grant or revoke permissions (QuickRef).

[GRANT|DENY|REVOKE] [SELECT|INSERT|UPDATE|DELETE|EXECUTE] (ON [dbo].[TableName]|SCHEMA::[SchemaName]) [TO|FROM] [Account|Role]

>GRANT SELECT, INSERT ON [dbo].[ViewName] TO [DOMAIN\User]
>GRANT EXECUTE ON [dbo].[Procedure] TO [RoleName]