diff --git a/CHANGELOG.md b/CHANGELOG.md
index b064181..2991704 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,16 @@
All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com), and this project adheres to [Semantic Versioning](https://semver.org).
+## [3.0.2] - 12-06-2026
+
+### Changed
+- Support '-' in permission names
+- Made permission name and role name independant
+- Minor fixes
+
+### Fixed
+- Issue #8
+
## [3.0.1] - 01-05-2026
### Added
diff --git a/readme.md b/README.md
similarity index 95%
rename from readme.md
rename to README.md
index 1e73436..99bec03 100644
--- a/readme.md
+++ b/README.md
@@ -6,7 +6,7 @@
-
+
@@ -140,9 +140,6 @@ $lookupValues = @{
> [!TIP]
> _For more information on how to configure a HelloID PowerShell connector, please refer to our [documentation](https://docs.helloid.com/en/provisioning/target-systems/powershell-v2-target-systems.html) pages_.
-> [!TIP]
-> _If you need help, feel free to ask questions on our [forum](https://forum.helloid.com/forum/helloid-connectors/provisioning/1481-helloid-conn-prov-target-intus)_
-
## HelloID docs
The official HelloID documentation can be found at: https://docs.helloid.com/
diff --git a/create.ps1 b/create.ps1
index 6b6d777..077e9e6 100644
--- a/create.ps1
+++ b/create.ps1
@@ -98,7 +98,7 @@ try {
$correlatedAccount = Invoke-RestMethod @splatGetUserParams
}
catch {
- if (-not($_.ErrorDetails.Message -match '211 - Object does not exist')) {
+ if (-not($_.ErrorDetails.Message -match '211 - .*does not exist')) {
throw "Cannot get user error: [$($_.Exception.Message)]"
}
}
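Review bot: The widened pattern `'211 - .*does not exist'` is unanchored and accepts any 211 message that contains "does not exist", so a 211 raised about something other than the user would also be read as "account not found" and swallowed by this catch. In create.ps1 that path presumably continues to account creation, so a misclassified error could end in a duplicate account; the same line is changed in disable.ps1, enable.ps1, update.ps1 and permissions/subPermissions.ps1. If the API only produces a known set of wordings, list them instead of `.*`, for example `-match '211 - (<wording A>|<wording B>) does not exist'` (placeholders for the messages actually observed), and add a comment recording which message variant motivated the change. The try block starts outside the hunk.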
diff --git a/disable.ps1 b/disable.ps1
index 000bd4e..cec74d6 100644
--- a/disable.ps1
+++ b/disable.ps1
@@ -86,7 +86,7 @@ try {
}
$correlatedAccount = Invoke-RestMethod @splatGetUserParams
} catch {
- if ( -not ($_.ErrorDetails.Message -match '211 - Object does not exist')) {
+ if ( -not ($_.ErrorDetails.Message -match '211 - .*does not exist')) {
throw "Cannot get user error: [$($_.Exception.Message)]"
}
}
diff --git a/enable.ps1 b/enable.ps1
index 68b6bcd..9dbb116 100644
--- a/enable.ps1
+++ b/enable.ps1
@@ -86,7 +86,7 @@ try {
}
$correlatedAccount = Invoke-RestMethod @splatGetUserParams
} catch {
- if ( -not ($_.ErrorDetails.Message -match '211 - Object does not exist')) {
+ if ( -not ($_.ErrorDetails.Message -match '211 - .*does not exist')) {
throw "Cannot get user error: [$($_.Exception.Message)]"
}
}
diff --git a/permissions/permissions.ps1 b/permissions/permissions.ps1
index dfbbeb6..2b43f1c 100644
--- a/permissions/permissions.ps1
+++ b/permissions/permissions.ps1
@@ -16,6 +16,9 @@ try {
@{
RoleName = 'Leidinggevende'
},
+ @{
+ RoleName = 'Consignatiedienst Cluster A'
+ },
@{
RoleName = 'ADMIN'
}
diff --git a/permissions/subPermissions.ps1 b/permissions/subPermissions.ps1
index a893f3a..95978bb 100644
--- a/permissions/subPermissions.ps1
+++ b/permissions/subPermissions.ps1
@@ -7,24 +7,32 @@
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor [System.Net.SecurityProtocolType]::Tls12
# Script Mapping lookup values and permission mapping
-$permissionMapping = @(
- @{
+$permissionMapping = @{
+ 'Planner' = @{
role = 'Planner'
resourceGroup = 'Planner {{LocationOwn}}'
exchangeGroup = 'Company'
shiftGroup = 'Company'
worklocationGroup = 'Root'
userGroup = 'Root'
- },
- @{
+ }
+ 'Leidinggevende' = @{
role = 'Leidinggevende'
resourceGroup = '{{CostCenterOwn}}'
exchangeGroup = 'Company'
shiftGroup = 'Company'
worklocationGroup = 'Root'
userGroup = 'Root'
- },
- @{
+ }
+ 'Consignatiedienst Cluster A' = @{
+ role = 'Consignatiedienst'
+ resourceGroup = 'Cluster A'
+ exchangeGroup = 'Company'
+ shiftGroup = 'Company'
+ worklocationGroup = 'Root'
+ userGroup = 'Root'
+ }
+ 'ADMMIN' = @{
role = 'ADMIN'
resourceGroup = 'ADMIN'
exchangeGroup = 'ADMIN'
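Review bot: The new key `'ADMMIN'` looks like a typo: the entry's `role` is `'ADMIN'` and permissions/permissions.ps1 lists `RoleName = 'ADMIN'`, while a later hunk in this file resolves the mapping with `$permissionMapping[$actionContext.References.Permission.Reference]`. If the reference carries the name from permissions.ps1, the ADMIN lookup returns `$null` and the grant throws "does not have a valid script mapping defined". Change the line to `'ADMIN' = @{`. Because key and `role` are now independent, a comment above `$permissionMapping` such as `# Each key must equal a RoleName returned by permissions.ps1; 'role' is the value sent to the target system` would help whoever adds the next entry. The ADMIN entry continues into the following hunk.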
@@ -32,7 +40,7 @@ $permissionMapping = @(
worklocationGroup = 'Root'
userGroup = 'Root'
}
-)
+}
# Lookup values which are used in the mapping to determine {{REPLACEMENT}}
$lookupValues = @{
@@ -145,7 +153,7 @@ try {
}
if ($actionContext.Operation -ne 'revoke' ) {
- $subPermission = $permissionMapping | Where-Object { $_.role -eq $actionContext.References.Permission.Reference }
+ $subPermission = $permissionMapping[$actionContext.References.Permission.Reference]
if ($null -eq $subPermission) {
throw "Permission [$($actionContext.References.Permission.Reference)] does not have a valid script mapping defined"
}
@@ -174,7 +182,7 @@ try {
$correlatedAccount = Invoke-RestMethod @splatGetUserParams
}
catch {
- if ( -not ($_.ErrorDetails.Message -match '211 - Object does not exist')) {
+ if ( -not ($_.ErrorDetails.Message -match '211 - .*does not exist')) {
$correlatedAccount = $null
}
}
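Review bot: Every failure of the user lookup appears to end up as "no account" here: when the message is not a 211 the catch sets `$correlatedAccount = $null` and carries on, and when it is a 211 nothing is done, so the `if` makes no visible difference. create.ps1, disable.ps1, enable.ps1 and update.ps1 rethrow at the same spot with `throw "Cannot get user error: [$($_.Exception.Message)]"`. In this script an authentication failure or timeout would instead be handled like a missing account, which can hide a grant or revoke that never took place. Unless the code after the catch (outside the hunk) depends on the null, rethrow here as the other scripts do.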
@@ -214,7 +222,7 @@ try {
$mappedProperty = ($contract | Select-Object $lookupValue).$lookupValue
$null = Resolve-ReplaceHolderValue -ReplaceVariable $replaceVariable.Key -MappedProperty $mappedProperty -Contract $contract -DesiredPermission $desiredPermission
}
- $desiredPermissionUniqueKey = "$($actionContext.References.Permission.Reference)-$($desiredPermission.ResourceGroup)"
+ $desiredPermissionUniqueKey = "$($desiredPermission.Role)&&$($desiredPermission.ResourceGroup)"
$desiredPermissions[$desiredPermissionUniqueKey] = $desiredPermission
}
}
@@ -223,7 +231,7 @@ try {
# Processing Static permissions body without placeholder(s)
else {
$desiredPermission = $subPermission.PSObject.Copy()
- $desiredPermissionUniqueKey = "$($actionContext.References.Permission.Reference)-$($desiredPermission.ResourceGroup)"
+ $desiredPermissionUniqueKey = "$($desiredPermission.Role)&&$($desiredPermission.ResourceGroup)"
$desiredPermissions[$desiredPermissionUniqueKey] = $desiredPermission
}
@@ -239,13 +247,14 @@ try {
if ($actionContext.DryRun -eq $true) {
Write-Information "[DryRun] Grant access to permission $($permission.Name), will be executed during enforcement"
}
+
$existingRole = $currentRoles | Where-Object { $_.role -eq $permission.Value.role -and $_.resourceGroup -eq $permission.Value.resourceGroup }
if (-not $existingRole) {
$null = $currentRoles.Add($permission.value)
}
elseif ($existingRole.count -eq 1) {
- $currentRoles.Remove($existingRole)
- $currentRoles.Add($permission.value)
+ $null = $currentRoles.Remove($existingRole)
+ $null = $currentRoles.Add($permission.value)
}
$outputContext.AuditLogs.Add([PSCustomObject]@{
@@ -259,8 +268,8 @@ try {
# Process and calculate current permissions Revoke
foreach ($permission in $currentPermissions.GetEnumerator()) {
- $roleName = $permission.Name -split '-' | Select-Object -First 1
- $resourceGroup = $permission.Name -split '-' | Select-Object -Last 1
+ $roleName = $permission.Name -split '&&' | Select-Object -First 1
+ $resourceGroup = $permission.Name -split '&&' | Select-Object -Last 1
if (-not $desiredPermissions.ContainsKey($permission.Name)) {
if ($actionContext.DryRun -eq $true) {
Write-Information "[DryRun] Revoke access to permission $($permission.Name), will be executed during enforcement"
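Review bot: Keys written by earlier versions have the form `Reference-ResourceGroup` and contain no `&&`, so for them `-split '&&'` yields the whole key as both `$roleName` and `$resourceGroup`. If `$currentPermissions` is loaded from previously stored sub-permissions (not visible in this hunk), those entries will be missing from `$desiredPermissions` and the revoke that follows would look for a role/resourceGroup pair that does not exist, possibly leaving the old role assigned. Either handle the legacy key format explicitly or state the required migration step in the changelog. A split with a limit, `$roleName, $resourceGroup = $permission.Name -split '&&', 2`, would also keep a resource group that itself contains `&&` intact. The loop body continues outside the hunk.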
diff --git a/update.ps1 b/update.ps1
index 5590edc..3786a68 100644
--- a/update.ps1
+++ b/update.ps1
@@ -87,7 +87,7 @@ try {
}
$correlatedAccount = Invoke-RestMethod @splatGetUserParams
} catch {
- if ( -not ($_.ErrorDetails.Message -match '211 - Object does not exist')) {
+ if ( -not ($_.ErrorDetails.Message -match '211 - .*does not exist')) {
throw "Cannot get user error: [$($_.Exception.Message)]"
}
}