Using cmdlets to manage access

The Centrify Access Module for PowerShell provides cmdlets that perform operations on objects that correspond to the core elements of Centrify data. The core elements of Centrify data for access control and privilege management are the following:

  • Computers
  • Users and user profiles
  • Groups and group profiles
  • Zones and zone properties
  • UNIX and Windows rights
  • User role definitions
  • Computer role definitions
  • Role assignments
  • NIS network maps and map entries

In most cases, you can use cmdlets to manipulate Centrify information in any type of zone. However, because the implementation of authorization differs greatly in hierarchical zones from authorization in classic zones, the Access Module for Window PowerShell cmdlets that enable you to work with rights, roles, or role assignments are only applicable in hierarchical zones. You should not use the cmdlets for rights, roles, and role assignments in classic zones. Other than this limitation, you can use the cmdlets to create, access, modify, and remove information associated with any of the core elements of Centrify data for access control and privilege management.

Most of the cmdlets perform one of the following basic operations:

  • New-CdmXxx cmdlets create new Centrify objects, such as a new zone or a new role definition.
  • Add-CdmXxx cmdlets add a right to a specified role.
  • Get-CdmXxx cmdlets get the properties of a specified object.
  • Set-CdmXxx cmdlets set or change the properties of a specified object.
  • Remove-CdmXxx cmdlets delete a specified object or remove a right from a specified role.

In addition to these basic operations, there are cmdlets for exporting and importing rights and roles from one zone to another and for establishing connections with Active Directory.

For reference information describing the use and parameters for each cmdlet, you can use the get-help function within the PowerShell console. For example, if you want to see a description and syntax summary for the New-CdmZone cmdlet, type the following command in the PowerShell console:

get-help New-CdmZone

If you want to see more detailed information about a cmdlet’s parameters and code examples, you can use the -detailed or -full option. For example, type the following command in the PowerShell console:

get-help New-CdmZone -detailed