PowerShell 調用 Dataverse Web API 刪除安全角色

參考文檔:Calling Dataverse Web API in PowerShell using Client Credentials

以下是powershell腳本:

<#
    .SYNOPSIS 
    Connect to Dataverse and remove the security roles of the users listed in a local file

    .NOTES      
    Author     : Richard Wilson
    Author2    : Leiah modified on 20250209

    .PARAMETER $oAuthTokenEndpoint
    The v2 OAuth endpoint for the App registration. This can be found by opening the App registration and
    clicking the Endpoints button in the Overview area. Copy the OAuth 2.0 token endpoint (v2) URL.
    
    .PARAMETER $appId
    The Application (client) ID of the App registration

    .PARAMETER $clientSecret
    The client secret generated within the App registration

    .PARAMETER $dataverseEnvUrl
    The url of the Dataverse environment you want to connect to
#>

# Script parameters. Every parameter defaults to an empty string, so the caller
# must supply all four values (or edit the defaults) before the script can work.
param
(
    # OAuth 2.0 v2 token endpoint of the App registration; the token request is POSTed to this URL.
    [string] $oAuthTokenEndpoint = '',
    
    # Application (client) ID, sent as client_id in the token request.
    [string] $appId = '',
    
    # Client secret, sent as client_secret in the token request.
    # NOTE(review): this is a plain [string]; a value typed on the command line or saved as the
    # default above can end up in shell history, transcripts or source control. Consider reading
    # it from a secret store or an environment variable instead.
    [string] $clientSecret = '',
    
    # Base URL of the Dataverse environment; used for the token scope and for every Web API call.
    [string] $dataverseEnvUrl = ''
)

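##########################################################
# Access Token Request
##########################################################

# Fail early on missing inputs: every parameter defaults to '' and an empty
# value would otherwise only surface later as an opaque request error.
$requiredInputs = [ordered]@{
    oAuthTokenEndpoint = $oAuthTokenEndpoint
    appId              = $appId
    clientSecret       = $clientSecret
    dataverseEnvUrl    = $dataverseEnvUrl
}
foreach ($requiredInput in $requiredInputs.GetEnumerator()) {
    if ([string]::IsNullOrWhiteSpace($requiredInput.Value)) {
        throw "Parameter -$($requiredInput.Key) is required."
    }
}

# The client secret is sent to the token endpoint and the bearer token to the
# environment URL, so refuse anything that is not an absolute https:// URL.
foreach ($candidateUrl in @($oAuthTokenEndpoint, $dataverseEnvUrl)) {
    $parsedUrl = $null
    $isAbsolute = [uri]::TryCreate($candidateUrl, [System.UriKind]::Absolute, [ref] $parsedUrl)
    if ((-not $isAbsolute) -or ($parsedUrl.Scheme -ne 'https')) {
        throw "Expected an absolute https:// URL but got '$candidateUrl'."
    }
}

# A trailing slash would produce '//.default' in the scope and '//api' in the
# Web API URLs built from this value, so normalise it once here.
$dataverseEnvUrl = $dataverseEnvUrl.TrimEnd('/')

# OAuth Body Access Token Request
$authBody = 
@{
    client_id = $appId
    client_secret = $clientSecret
    # The v2 endpoint for OAuth uses scope instead of resource
    scope = "$($dataverseEnvUrl)/.default"
    grant_type = 'client_credentials'
}

# Parameters for OAuth Access Token Request
$authParams = 
@{
    URI = $oAuthTokenEndpoint
    Method = 'POST'
    ContentType = 'application/x-www-form-urlencoded'
    Body = $authBody
}

# Get Access Token
Write-Host 'Getting Access Token...'
$authResponse = Invoke-RestMethod @authParams -ErrorAction Stop

# Only report success when a token actually came back. The response object
# holds the bearer token, so it is never written to the host or a log.
if (-not $authResponse.access_token) {
    throw 'The token endpoint response did not contain an access_token.'
}
Write-Host "Access Token Received"
Write-Host "================================"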

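##########################################################
# Dataverse Web API helpers
#
# The functions are declared ahead of the loop that uses them: PowerShell
# resolves a function name when the call executes, so a call placed above
# the definition fails in a fresh session because the command is not yet known.
##########################################################

function Get-SystemUserId {
    <#
        .SYNOPSIS
        Returns the systemuserid of the user whose internalemailaddress equals $user_email.

        .PARAMETER user_email
        Email address to look up. It is embedded in an OData $filter, so it is escaped first.

        .PARAMETER dataverseEnvUrl
        Base URL of the Dataverse environment.

        .PARAMETER authResponse
        Token response object; its token_type and access_token form the Authorization header.

        .OUTPUTS
        System.String. Throws when the query returns no user.
    #>
    param (
        [string] $user_email,
        [string] $dataverseEnvUrl,
        [object] $authResponse
    )

    # An OData string literal escapes ' by doubling it; percent-encoding then keeps
    # characters such as &, # or + in the address from being read as URL syntax.
    $emailLiteral = [uri]::EscapeDataString($user_email.Replace("'", "''"))
    $uriParams = "systemusers?`$filter=internalemailaddress eq '$emailLiteral'&`$select=systemuserid"
    $apiCallParams =
    @{
        URI = "$($dataverseEnvUrl)/api/data/v9.2/$($uriParams)"
        Headers = @{
            "Authorization" = "$($authResponse.token_type) $($authResponse.access_token)"
        }
        Method = 'GET'
    }

    Write-Host 'Sending GET request to retrieve systemuserid for user:' $user_email
    $apiCallResponse = Invoke-RestMethod @apiCallParams -ErrorAction Stop

    # Read the property from the parsed JSON instead of regex-matching the
    # object's string form, and stop before any role is touched if nothing matched.
    $userRecords = @($apiCallResponse.value | Where-Object { $_ -and $_.systemuserid })
    if ($userRecords.Count -eq 0) {
        throw "No systemuser found with internalemailaddress '$user_email'."
    }
    if ($userRecords.Count -gt 1) {
        Write-Warning "More than one systemuser matches '$user_email'; using the first one returned."
    }
    return [string] $userRecords[0].systemuserid
}

function Get-UserRoles {
    <#
        .SYNOPSIS
        Lists the security roles associated with a system user.

        .PARAMETER GUID
        systemuserid of the user; must parse as a GUID because it is placed in the request URI.

        .PARAMETER dataverseEnvUrl
        Base URL of the Dataverse environment.

        .PARAMETER authResponse
        Token response object; its token_type and access_token form the Authorization header.

        .OUTPUTS
        Select-String match objects; the role id is in .Matches.Groups[1].Value.
    #>
    param (
        [string] $GUID,
        [string] $dataverseEnvUrl,
        [object] $authResponse
    )

    $parsedGuid = [guid]::Empty
    if (-not [guid]::TryParse($GUID, [ref] $parsedGuid)) {
        throw "'$GUID' is not a valid systemuserid."
    }

    $uriParams = "systemusers($GUID)/systemuserroles_association/`$ref"
    $apiCallParams =
    @{
        URI = "$($dataverseEnvUrl)/api/data/v9.2/$($uriParams)"
        Headers = @{
            "Authorization" = "$($authResponse.token_type) $($authResponse.access_token)"
        }
        Method = 'GET'
    }

    Write-Host "Sending GET request to retrieve user security roles..."
    Write-Host "================================"
    $apiCallResponse = Invoke-RestMethod @apiCallParams -ErrorAction Stop

    # Capture only a well-formed GUID between the parentheses; the captured
    # value is later interpolated into the DELETE request URI.
    $roleRefPattern = "roles\(([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12})\)"
    $Roles = $apiCallResponse.value | Select-String -Pattern $roleRefPattern
    return $Roles
}

function Remove-UserRoles {
    <#
        .SYNOPSIS
        Removes every role in $Roles from the system user identified by $GUID.

        .DESCRIPTION
        Sends one DELETE per role to the systemuserroles_association reference.
        Supports -WhatIf / -Confirm so the removals can be previewed first.

        .PARAMETER GUID
        systemuserid of the user; must parse as a GUID.

        .PARAMETER Roles
        Match objects as returned by Get-UserRoles.

        .PARAMETER dataverseEnvUrl
        Base URL of the Dataverse environment; also used to build the role reference in $id.

        .PARAMETER authResponse
        Token response object; its token_type and access_token form the Authorization header.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param (
        [string] $GUID,
        [array] $Roles,
        [string] $dataverseEnvUrl,
        [object] $authResponse
    )

    $parsedGuid = [guid]::Empty
    if (-not [guid]::TryParse($GUID, [ref] $parsedGuid)) {
        throw "'$GUID' is not a valid systemuserid."
    }

    foreach ($roleids in $Roles) {
        $roleid = $roleids.Matches.Groups[1].Value
        if (-not [guid]::TryParse($roleid, [ref] $parsedGuid)) {
            throw "'$roleid' is not a valid role id."
        }

        # Build the role reference from the environment passed in, not from a
        # fixed organisation host, so the reference always points at the same
        # environment the request is sent to.
        $roleReference = "$($dataverseEnvUrl)/api/data/v9.2/roles($roleid)"
        $uriParams = "systemusers($GUID)/systemuserroles_association/`$ref?`$id=$roleReference"

        $apiCallParams =
        @{
            URI = "$($dataverseEnvUrl)/api/data/v9.2/$($uriParams)"
            Headers = @{
                "Authorization" = "$($authResponse.token_type) $($authResponse.access_token)"
            }
            Method = 'DELETE'
        }

        if (-not $PSCmdlet.ShouldProcess("systemuser $GUID", "Remove security role $roleid")) {
            continue
        }

        Write-Host "Removing user security roles:" $roleid
        Invoke-RestMethod @apiCallParams -ErrorAction Stop
        Write-Host "User security role removed"
        Write-Host "================"
    }
}

##########################################################
# Get user_email list from local file
##########################################################
# -ErrorAction Stop: a missing or unreadable file aborts the run instead of
# leaving an empty list and a misleading "Script completed".
$userEmailList = Get-Content -Path "Your local file path" -ErrorAction Stop

foreach ($user_email in $userEmailList) {
    # Skip blank lines: an empty address would turn the lookup into a filter on
    # an empty email, which must never select an account for role removal.
    $user_email = "$user_email".Trim()
    if (-not $user_email) {
        continue
    }

    ##########################################################
    # Call Dataverse WebAPI using Authentication Token
    ##########################################################

    $GUID = Get-SystemUserId -user_email $user_email -dataverseEnvUrl $dataverseEnvUrl -authResponse $authResponse
    Write-Host "The system user guid is: $GUID"
    Write-Host "================================"

    $Roles = Get-UserRoles -GUID $GUID -dataverseEnvUrl $dataverseEnvUrl -authResponse $authResponse
    Write-Host "$user_email has the following security roles:"
    foreach ($roleid in $Roles) {
        Write-Host "roleId:" $roleid.Matches.Groups[1].Value
    }
    Write-Host "================================"

    Remove-UserRoles -GUID $GUID -Roles $Roles -dataverseEnvUrl $dataverseEnvUrl -authResponse $authResponse
    Write-Host "Done removing security roles for user: $user_email"
    Write-Host "================================"
}


Write-Host "Script completed"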
