private/New-EntraPermissionEntry.ps1

Function New-EntraPermissionEntry{
    <#
        Author = "Jos Lieben (jos@lieben.nu)"
        CompanyName = "Lieben Consultancy"
        Copyright = "https://www.lieben.nu/liebensraum/commercial-use/"
    #>
    
    Param(
        [Parameter(Mandatory=$true)]$path,
        [Parameter(Mandatory=$true)]$type,
        [Parameter(Mandatory=$true)]$principalId,
        [Parameter(Mandatory=$true)]$roleDefinitionId,
        [Parameter(Mandatory=$false)]$principalUpn="Unknown",
        [Parameter(Mandatory=$false)]$principalName="Unknown",
        [Parameter(Mandatory=$false)]$principalType="Unknown",
        [Parameter(Mandatory=$false)]$through="Direct",
        [Parameter(Mandatory=$false)]$parent = "N/A",
        [Parameter(Mandatory=$false)]$roleDefinitionName="Legacy Role",
        [Parameter(Mandatory=$false)]$startDateTime,
        [Parameter(Mandatory=$false)]$endDateTime
    )

    if($currentUser.userPrincipalName -eq $principalUpn){
        Write-Verbose "Skipping permission $($roleDefinitionName) scoped at $path for $($principalUpn) as it is the auditor account"
        return $Null
    }

    if(!$roleDefinitionName){
        $roleDefinitionName = "Legacy Role"
    }

    Write-Verbose "Adding permission $($roleDefinitionName) scoped at $path for $($principalUpn)"
    if(!$global:EntraPermissions.$path){
        $global:EntraPermissions.$path = @()
    }
    $global:statObj."Total objects scanned"++
    $global:EntraPermissions.$path += [PSCustomObject]@{
        scope = $path
        type = $type
        principalUpn = $principalUpn
        roleDefinitionName = $roleDefinitionName
        startDateTime = $startDateTime
        endDateTime = $endDateTime
        principalName = $principalName
        principalType = $principalType        
        principalId = $principalId
        roleDefinitionId = $roleDefinitionId
        through = $through
        parent = $parent        
    }
}