API Reference
Command
Add-ADXAclGovernedPermission
Runs a governance-aware ACL add-permission operation with dry-run/apply semantics.
Examples
Generated fallback example from parameter set 'By ADObject'.
Add-ADXAclGovernedPermission -ADObject 'Value' -Identity 'Value' -Rights 'CreateChild'
Generated fallback example from parameter set 'By Entry'.
Add-ADXAclGovernedPermission -Entry 'Value' -Identity 'Value' -Rights 'CreateChild'
Common Parameters
This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
For more information, see about_CommonParameters.
Syntax
Add-ADXAclGovernedPermission -Security <ActiveDirectorySecurity> -Identity <string> -Rights <CreateChild> [-AccessControlType <Allow|Deny>] [-AllowWrite] [-Apply] [-DryRun <bool>] [-Inheritance <All|Descendents|Children|SelfAndChildren>] [-Intent <string>] [-WriteActorId <string>] [-WriteAuditCorrelationId <string>] [-WriteChangeReason <string>] [-WriteExecutionId <string>] [-WriteRollbackPlanId <string>] [-WriteRollbackProviderId <string>] [<CommonParameters>]Parameter set:
By SecurityParameters
- Security ActiveDirectorySecurity
- ActiveDirectorySecurity instance to modify.
- Identity string
- Identity to add (SID, DOMAIN\name, UPN, DN).
- Rights AclRights
- Rights to add. Possible values: None, CreateChild, Delete, ReadControl, WriteDacl, WriteOwner, GenericRead, GenericWrite, GenericExecute, ListChildren, DeleteChild, DeleteTree, ReadProperty, WriteProperty, ExtendedRight, Self, GenericAll
- Possible values:
CreateChild,Delete,ReadControl,WriteDacl,WriteOwner,GenericRead,GenericWrite,GenericExecute,ListChildren,DeleteChild,DeleteTree,ReadProperty,WriteProperty,ExtendedRight,Self,GenericAll - AccessControlType AccessControlType
- Access type for the added ACE. Default: Allow. Possible values: Allow, Deny
- Possible values:
Allow,Deny - AllowWrite SwitchParameter
- Explicit write confirmation flag for mutating operations.
- Apply SwitchParameter
- Applies changes. Without this switch, the cmdlet runs in dry-run mode.
- DryRun bool
- Dry-run mode flag. Defaults to true; set to false (or use -Apply) to execute writes. If both switches are provided, -Apply takes precedence.
- Inheritance AclInheritance
- Inheritance mode for the added ACE. Default: None. Possible values: None, All, Descendents, Children, SelfAndChildren
- Possible values:
All,Descendents,Children,SelfAndChildren - Intent string
- Execution intent (read_only or read_write). Default: read_only.
- WriteActorId string
- Write actor identifier.
- WriteAuditCorrelationId string
- Optional write audit correlation identifier.
- WriteChangeReason string
- Write change reason, ticket, or approval reference.
- WriteExecutionId string
- Write execution identifier for governance/audit correlation.
- WriteRollbackPlanId string
- Write rollback plan identifier.
- WriteRollbackProviderId string
- Optional write rollback provider identifier.
Outputs
ADPlayground.Acl.AdxAclGovernedOperationResult
Add-ADXAclGovernedPermission -Entry <DirectoryEntry> -Identity <string> -Rights <CreateChild> [-AccessControlType <Allow|Deny>] [-AllowWrite] [-Apply] [-DryRun <bool>] [-Inheritance <All|Descendents|Children|SelfAndChildren>] [-Intent <string>] [-WriteActorId <string>] [-WriteAuditCorrelationId <string>] [-WriteChangeReason <string>] [-WriteExecutionId <string>] [-WriteRollbackPlanId <string>] [-WriteRollbackProviderId <string>] [<CommonParameters>]Parameter set:
By EntryParameters
- Entry DirectoryEntry
- DirectoryEntry object to modify.
- Identity string
- Identity to add (SID, DOMAIN\name, UPN, DN).
- Rights AclRights
- Rights to add. Possible values: None, CreateChild, Delete, ReadControl, WriteDacl, WriteOwner, GenericRead, GenericWrite, GenericExecute, ListChildren, DeleteChild, DeleteTree, ReadProperty, WriteProperty, ExtendedRight, Self, GenericAll
- Possible values:
CreateChild,Delete,ReadControl,WriteDacl,WriteOwner,GenericRead,GenericWrite,GenericExecute,ListChildren,DeleteChild,DeleteTree,ReadProperty,WriteProperty,ExtendedRight,Self,GenericAll - AccessControlType AccessControlType
- Access type for the added ACE. Default: Allow. Possible values: Allow, Deny
- Possible values:
Allow,Deny - AllowWrite SwitchParameter
- Explicit write confirmation flag for mutating operations.
- Apply SwitchParameter
- Applies changes. Without this switch, the cmdlet runs in dry-run mode.
- DryRun bool
- Dry-run mode flag. Defaults to true; set to false (or use -Apply) to execute writes. If both switches are provided, -Apply takes precedence.
- Inheritance AclInheritance
- Inheritance mode for the added ACE. Default: None. Possible values: None, All, Descendents, Children, SelfAndChildren
- Possible values:
All,Descendents,Children,SelfAndChildren - Intent string
- Execution intent (read_only or read_write). Default: read_only.
- WriteActorId string
- Write actor identifier.
- WriteAuditCorrelationId string
- Optional write audit correlation identifier.
- WriteChangeReason string
- Write change reason, ticket, or approval reference.
- WriteExecutionId string
- Write execution identifier for governance/audit correlation.
- WriteRollbackPlanId string
- Write rollback plan identifier.
- WriteRollbackProviderId string
- Optional write rollback provider identifier.
Outputs
ADPlayground.Acl.AdxAclGovernedOperationResult
Add-ADXAclGovernedPermission -ADObject <string> -Identity <string> -Rights <CreateChild> [-AccessControlType <Allow|Deny>] [-AllowWrite] [-Apply] [-DryRun <bool>] [-Inheritance <All|Descendents|Children|SelfAndChildren>] [-Intent <string>] [-WriteActorId <string>] [-WriteAuditCorrelationId <string>] [-WriteChangeReason <string>] [-WriteExecutionId <string>] [-WriteRollbackPlanId <string>] [-WriteRollbackProviderId <string>] [<CommonParameters>]Parameter set:
By ADObjectParameters
- ADObject string
- Distinguished name/path of the object to modify.
- Identity string
- Identity to add (SID, DOMAIN\name, UPN, DN).
- Rights AclRights
- Rights to add. Possible values: None, CreateChild, Delete, ReadControl, WriteDacl, WriteOwner, GenericRead, GenericWrite, GenericExecute, ListChildren, DeleteChild, DeleteTree, ReadProperty, WriteProperty, ExtendedRight, Self, GenericAll
- Possible values:
CreateChild,Delete,ReadControl,WriteDacl,WriteOwner,GenericRead,GenericWrite,GenericExecute,ListChildren,DeleteChild,DeleteTree,ReadProperty,WriteProperty,ExtendedRight,Self,GenericAll - AccessControlType AccessControlType
- Access type for the added ACE. Default: Allow. Possible values: Allow, Deny
- Possible values:
Allow,Deny - AllowWrite SwitchParameter
- Explicit write confirmation flag for mutating operations.
- Apply SwitchParameter
- Applies changes. Without this switch, the cmdlet runs in dry-run mode.
- DryRun bool
- Dry-run mode flag. Defaults to true; set to false (or use -Apply) to execute writes. If both switches are provided, -Apply takes precedence.
- Inheritance AclInheritance
- Inheritance mode for the added ACE. Default: None. Possible values: None, All, Descendents, Children, SelfAndChildren
- Possible values:
All,Descendents,Children,SelfAndChildren - Intent string
- Execution intent (read_only or read_write). Default: read_only.
- WriteActorId string
- Write actor identifier.
- WriteAuditCorrelationId string
- Optional write audit correlation identifier.
- WriteChangeReason string
- Write change reason, ticket, or approval reference.
- WriteExecutionId string
- Write execution identifier for governance/audit correlation.
- WriteRollbackPlanId string
- Write rollback plan identifier.
- WriteRollbackProviderId string
- Optional write rollback provider identifier.
Outputs
ADPlayground.Acl.AdxAclGovernedOperationResult