Configure a permission set
Under Permissions, define one or more Standard permissions, either manually or programmatically.
Manually
Turn off the Use Script to Retrieve Permissions toggle.
Click the Permissions button and give each permission a Display Name and a Reference.
Click Apply to save your changes.
Programmatically
Turn on the Use Script to Retrieve Permissions toggle.
Click the Retrieve Permissions Script button and modify the PowerShell code. In a PowerShell v1 system, you do this by building a $permissions array and returning it via Write-Output. In a PowerShell v2 system, you do this by calling the Add method on $outputContext.Permissions, which you should not explicitly return.
To test run your script, click Preview.
Click Apply to save your changes.
Optional: If you're using sub-permissions, enable the Sub-Permissions Enable toggle. See Sub-permissions.
Under Actions, customize the grant/update/revoke PowerShell code. See Permission actions.
With sub-permissions (single script)
Typically, you should use a Single permission script (Use Separate Script For Each Action disabled) if you are using sub-permissions.
Turn off the Use Separate Script For Each Action toggle.
Click the Handle All Actions Script button and customize the PowerShell code.
To test run your script, click Preview.
Click Apply to save your changes.
Without sub-permissions (separate scripts)
Typically, you should use Separate permission scripts (Use Separate Script For Each Action enabled) if you are not using sub-permissions.
Turn on the Use Separate Script For Each Action toggle.
Click the Grant Action Script button.
In the
if
statement, write code that grants the current target account ($accountReference for PowerShell v1 systems, or $actionContext.References.Account in PowerShell v2 systems) a privilege in the target system. For example, add the account to a group.Click Apply to save your changes.
Click the Revoke Action Script button.
In the
if
statement, write code that revokes the current target account's privilege. For example, remove the account from a group.Click Apply to save your changes.
Optional: Click the Update Action Script button.
In the
if
statement, write code that updates the current target account's privilege. For example, change the group that the account is in.Important
The Update permission script is only relevant if you're using Sub-permissions with Separate permission scripts, which is not recommended. If you're not using sub-permissions, remove the entire update script.
Click Apply to save your changes.