33 lines
1.0 KiB
PowerShell
33 lines
1.0 KiB
PowerShell
|
function Grant-RightsToFolderOrFile {
|
|||
|
<#
|
|||
|
.SYNOPSIS
|
|||
|
Sets ACL on a folder or file for a user
|
|||
|
#>
|
|||
|
param (
|
|||
|
[string]$Account,
|
|||
|
[string]$Path,
|
|||
|
[System.Security.AccessControl.FileSystemRights]$Rights
|
|||
|
)
|
|||
|
|
|||
|
$logLead = (Get-LogLeadName);
|
|||
|
|
|||
|
if ((Get-Item $Path).PSIsContainer) {
|
|||
|
$newRights = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, $Rights, "ContainerInherit,ObjectInherit", "None", "Allow")
|
|||
|
}
|
|||
|
else {
|
|||
|
$newRights = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, $Rights, "Allow")
|
|||
|
}
|
|||
|
|
|||
|
$acl = Get-Acl $Path
|
|||
|
$existingPermissions = $acl.Access | Where-Object {$_.IdentityReference.Value -like ("*{0}" -f $Account)}
|
|||
|
|
|||
|
if (($existingPermissions | Where-Object {$_.FileSystemRights -like ("*{0}*" -f $Rights)}).Count -gt 0) {
|
|||
|
Write-Output ("$logLead : Account or group {0} already has the specified rights to {1}" -f $Account, $Path)
|
|||
|
return
|
|||
|
}
|
|||
|
|
|||
|
$acl.SetAccessRule($newRights)
|
|||
|
Set-Acl $Path $acl
|
|||
|
}
|
|||
|
|