Private/GDAP/Set-GDAPPermissions.ps1

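function Set-GDAPPermissions {
    <#
    .SYNOPSIS
    Creates the configured access assignments on a GDAP relationship and waits
    for each one to become active.

    .DESCRIPTION
    Reads the access assignment sets from $script:Config.GDAP.AccessAssignments,
    creates each one on the given delegated admin relationship, then polls the
    assignment until its status is "active". Each assignment is polled up to 50
    times with a 10 second pause between polls.

    Every assignment delegates directory roles to a security group, so the
    requested role definition IDs are written to the module log before the
    assignment is created. This lets the grant be audited later.

    .PARAMETER RelationshipId
    Id of the delegated admin relationship to attach the access assignments to.

    .NOTES
    Failures are reported through Write-ModuleLog with -ThrowError. What is thrown
    depends on that helper, which is defined elsewhere in the module.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$RelationshipId
    )

    try {
        # Apply each access assignment set
        $accessSets = @($script:Config.GDAP.AccessAssignments)

        $maxRetries = 50
        $pollIntervalSeconds = 10
        # Statuses from which an assignment will not progress to "active";
        # polling further would only delay the failure report.
        $terminalStatuses = @('error', 'deleting', 'deleted')

        $index = 1
        foreach ($accessSet in $accessSets) {
            Write-ModuleLog -Message "Creating access assignment for group $($accessSet.accessContainer.accessContainerId) [$($index)/$($accessSets.Count)]" -Level Info -Component 'GDAPPermissions'

            # Audit trail: record which role definitions are being delegated to the group.
            $requestedRoles = @($accessSet.accessDetails.unifiedRoles.roleDefinitionId) -join ', '
            Write-ModuleLog -Message "Requested role definitions: $requestedRoles" -Level Info -Component 'GDAPPermissions'

            # -ErrorAction Stop so a failed create reaches the catch block even if
            # the cmdlet reports it as a non-terminating error.
            $assignment = New-MgTenantRelationshipDelegatedAdminRelationshipAccessAssignment `
                -DelegatedAdminRelationshipId $RelationshipId `
                -BodyParameter $accessSet `
                -ErrorAction Stop

            # Without an id the polling call below cannot target this assignment.
            if (-not $assignment -or [string]::IsNullOrWhiteSpace($assignment.Id)) {
                throw "Access assignment creation returned no assignment id"
            }

            # Wait for assignment to become active
            $activated = $false
            for ($retryCount = 0; $retryCount -lt $maxRetries; $retryCount++) {
                # Left without -ErrorAction Stop on purpose: a failed read that is
                # reported as non-terminating is simply retried on the next poll.
                $status = Get-MgTenantRelationshipDelegatedAdminRelationshipAccessAssignment `
                    -DelegatedAdminRelationshipId $RelationshipId `
                    -DelegatedAdminAccessAssignmentId $assignment.Id

                if ($status.Status -eq "active") {
                    Write-ModuleLog -Message "Access assignment activated successfully" -Level Info -Component 'GDAPPermissions'
                    $activated = $true
                    break
                }

                # Fail fast instead of waiting out the full timeout.
                if ($terminalStatuses -contains $status.Status) {
                    throw "Access assignment $($assignment.Id) reported status '$($status.Status)' and will not become active"
                }

                Write-ModuleLog -Message "Waiting for access assignment activation..." -Level Info -Component 'GDAPPermissions'
                Start-Sleep -Seconds $pollIntervalSeconds
            }

            if (-not $activated) {
                Write-ModuleLog -Message "Timeout waiting for access assignment activation" -Level Error -Component 'GDAPPermissions' -ThrowError
            }
            $index++
        }
    }
    catch {
        Write-ModuleLog -Message "Failed to set GDAP permissions: $($_.Exception.Message)" -Level Error -Component 'GDAPPermissions' -ErrorRecord $_ -ThrowError
    }
}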