Skip to main content

HelloID

Configure a permission set
Step 1: Define standard permissions

  • Under Permissions, define one or more Standard permissions, either manually or programmatically.

    1. Manually

      1. Turn off the Use Script to Retrieve Permissions toggle.

        2021-10-12_16-04-42.png

      2. Click the Permissions button and give each permission a Display Name and a Reference.

        2021-06-04_10-31-19.png

      3. Click Apply to save your changes.

    2. Programmatically

      1. Turn on the Use Script to Retrieve Permissions toggle.

        2021-10-12_16-05-03.png

      2. Click the Retrieve Permissions Script button and modify the PowerShell code. In a PowerShell v1 system, you do this by building a $permissions array and returning it via Write-Output. In a PowerShell v2 system, you do this by calling the Add method on $outputContext.Permissions, which you should not explicitly return.

        2021-06-04_11-23-36.png

        PowerShell v1

        2023-11-15_13-36-39.jpg

        PowerShell v2

      3. To test run your script, click Preview.

        2021-10-15_15-35-45.png

        PowerShell v1

        2023-11-15_13-40-17.jpg

        PowerShell v2

      4. Click Apply to save your changes.

Step 2: Enable sub-permissions (optional)

  • If you're using sub-permissions, enable the Sub-Permissions Enable toggle. See Sub-permissions.

    2021-10-12_15-28-49.png
Step 3: Customize permission scripts

  • Under Actions, customize the grant/update/revoke PowerShell code. See Permission actions.

    1. With sub-permissions (single script)

      Typically, you should use a Single permission script (Use Separate Script For Each Action disabled) if you are using sub-permissions.

      1. Turn off the Use Separate Script For Each Action toggle.

        2021-10-12_15-29-20.png

      2. Click the Handle All Actions Script button and customize the PowerShell code.

        2023-11-15_13-42-59.jpg

        PowerShell v1

        2023-11-15_13-43-38.jpg

        PowerShell v2

      3. To test run your script, click Preview.

      4. Click Apply to save your changes.

    2. Without sub-permissions (separate scripts)

      Typically, you should use Separate permission scripts (Use Separate Script For Each Action enabled) if you are not using sub-permissions.

      1. Turn on the Use Separate Script For Each Action toggle.

        2021-10-12_15-29-31.png

      2. Click the Grant Action Script button.

        In the if statement, write code that grants the current target account ($accountReference for PowerShell v1 systems, or $actionContext.References.Account in PowerShell v2 systems) a privilege in the target system. For example, add the account to a group.

        Click Apply to save your changes.

      3. Click the Revoke Action Script button.

        In the if statement, write code that revokes the current target account's privilege. For example, remove the account from a group.

        Click Apply to save your changes.

      4. Click the Update Action Script button.

        In the if statement, write code that updates the current target account's privilege. For example, change the group that the account is in.

        Important

        The Update permission script is only relevant if you're using Sub-permissions with Separate permission scripts, which is not recommended. If you're not using sub-permissions, remove the entire update script.

      5. Click Apply to save your changes.

In this section: