AccessRules - BugFix + Validation/warning on setting access rules #82
Conversation
AndiBellstedt
commented
Jan 15, 2024
AndiBellstedt
commented
- Fix: Access Rules - "NoFixConfig" option within AccessRules wasn't respected. (issue Component AccessRules: Setting "NoFixConfig" isn't respected by Test-DMAccessRule #81)
- Upd: Access Rules - Add warning message when access rule is applied but redundant or simply not working in the acl object
| @@ -95,6 +95,7 @@ | |||
| ObjectTypeName = $objectTypeName | |||
| PropagationFlags = $ruleObject.PropagationFlags | |||
| Present = $ruleObject.Present | |||
| NoFixConfig = $ruleObject.NoFixConfig | |||
There was a problem hiding this comment.
Thanks for catching that one
| if(-not ($aclObject.Access | Where-Object { $_ -in $accessRule })) { | ||
| $failedCount = $failedCount + 1 | ||
| Write-PSFMessage -Level Warning -String 'Invoke-DMAccessRule.AccessRule.Creation.NotApplied' -StringValues $testItem.Identity, $changeEntry.Configuration.IdentityReference -Target $changeEntry | ||
| } |
There was a problem hiding this comment.
Was there a particular problem you added those for or was that more of a "Oh. there's a TODO marker there, lets add that while I'm on it"?
There was a problem hiding this comment.
Actually, I was digging around with the AccessRules and did some testing. As far as I remember -and it was a while ago, so my mind is a bit blurry on the exact situation- I did consider that as a bug.
ADMF did not throw information on NoFix-Items and on edge-case-scenarios.
Something like a ACE is not present on the object but defined on schema default ACL. Something like this, but as said, I did not remember exactly.
...and in the end... in fact it was marked as ToDo and did make sense to me.
… empty (and it is on default objects)
